|By Gilad Parann-Nissany||
|November 1, 2014 07:00 AM EDT||
Using AWS and Solving All Security Issues
The Amazon Web Services public infrastructure cloud is seeing massive adoption, and for good reason. Using AWS arms companies with advanced infrastructure that, in most cases, they could not possibly achieve in their own datacenters. In fact, According to Gartner, AWS has 5 times more deployed cloud infrastructure as their next 14 competitors have...combined. Customers like Bristol-Myers Squibb, Unilever, and Lionsgate are taking advantage of the broad and deep services of the AWS Cloud to grow their businesses and accelerate innovation.
However, using any public cloud infrastructure still requires proper implementation, especially as regards security concerns; this is true for AWS as much as anyone. An IDG Enterprises survey of 1,500 companies found that two-thirds of IT decision makers see security as the primary barrier to cloud adoption. We asked real companies about the top cloud security mistakes made on AWS and found that many users rely too much on AWS and do not do their own due diligence as it pertains to their own cloud security. These experts revealed what they think are the top cloud security mistakes on the attached infographic.
One of the main mistakes AWS users make is losing control of their data by "allowing Amazon or a third party to control their encryption keys."
Dennis King, of Working Security, agrees that not taking ownership of security is a major mistake. He adds that "Amazon provides security capabilities, but without clear security ownership by the customer, even existing in-house security practices can be overlooked and create significant risk."
If fact, in their own Security Center, Amazon informs customers of the "Shared Responsibility Model." According to AWS, they have secured the underlying infrastructure and done so quite well with security features like:
- Built-in firewalls
- Multi-factor authentication
- Private Subnets
- Security logs
- And much more
However, it is the responsibility of each customer to secure anything they put on that infrastructure. They clarify, "This includes your AWS EC2 instances and anything you install on them, any accounts that access your instances, the security group that allows outside access to your instances, the VPC subnet that the instances reside within if you've chosen this option, the external access to your S3 buckets, etc."
Dr. Engin Kirda of Northeastern University and Lastline shares that "the top security mistake made on AWS may still be failing to securely delete sensitive information like passwords... before sharing virtual images..." Dwayne Melancon of Tripwire adds that it is a huge mistake to let hackers benefit from automation by "leaving AWS login credentials in publically readable scripts."
Jeff Huckaby of rackAID shares that the main security issues are those of improper AWS setup. Ari Zoldan of Quantum Networks agrees and adds the need to update AWS setup regularly, "what customers should do is check ‘resource utilization' frequently and then change their setup accordingly."
Danny Gueta of SysAid Technologies and Tal Klein of Adallom both cite major security issues in administrative privileges. Mr. Gueta encourages customers to protect their root user and Mr. Klein urges customers not to make every admin a "Super Admin."
To summarize the advice of all of the experts is to say that while using AWS may be a great move both technically and from a business perspective, it does not mean that you are no longer liable or responsible for security. While securing the infrastructure is a critical task that falls on Amazon, securing your data, apps, and sensitive information is still up to you.
- Database Security in the Cloud
- Disruptive Innovations and the 'Internet of Things' | @ThingsExpo [#IoT]
- Securing Cloud Data from Cybercrime, Intrusion and Surveillance
- Cloud Computing Security Issues and Challenges By @GiladPN | @CloudExpo [#Cloud]
- MySQL in the Cloud
- Cloud Security – Implementing a Secure Cloud Backup Case Study
- Four Great Tips: Cloud Security for Big Data
- Answering Common Cloud Security Questions from CIOs
- Securing Your ‘Data at Rest’ in the Cloud
- Encrypted Cloud Storage – The Missing Piece