By Gilad Parann-Nissany
December 28, 2014 03:00 PM EST
AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt
In a recent interview at AWS re:Invent, the vice president of AWS security engineering and the chief information security officer of Amazon Web Services, Stephen Schmidt, had these cloud security tips for AWS customers:
1. Understand your part of the shared responsibility model
“It’s a shared responsibility. We are responsible for the bottom layer. We are responsible from the floor of the data center up to the hypervisor,” said Schmidt.
According to FierceCIO, this means that “deploying a cloud infrastructure doesn’t automatically release the enterprise from duty of managing their security. Indeed, there is certainly a lot of attack surface above the hypervisor that enterprises need to harden.”
Schmidt further warned that companies that are migrating from a hosting company may be at greatest risk of erring in the shared security model.
How can you make sure your company plays it safe? Read on for Schmidt’s insights.
2. Proper encryption is critical
When asked how companies can protect themselves, Schmidt said, “They need to properly scope encryption [and] use encryption where it is available.”
According to another expert, BBC.com writer Paul Rubens, “Even if cloud service providers are infiltrated or compelled to disclose data, for example, whatever is encrypted will remain unreadable to unauthorized viewers as long as enterprises retain control of their encryption keys. Additionally, placing the focus on the data rather than on infrastructure helps ensure that data will remain safe even if hardware vulnerabilities are exploited.”
“Encryption is a vital component of a strong security posture for any size organization, and it should be a standard offering within the cloud,” Chris Cicotte, EMC CISSP VCP cloud architect/SP specialist, said. He added, “The threat landscape has already begun to evolve, and from an overall security perspective, we need to take a proactive approach by layering in technologies like encryption at every layer.”
Find an encryption solution that uses the industry’s strongest algorithms, such as AES-256, to encrypt the data layer. All projects (typically each project is an application) should be cryptographically separated from each other, and a secure protocol used to ensure trust among project instances.
Furthermore, ensure that backup snapshots and encrypted disks can be locked if the data is not in use.
3. Key management is key
Beyond encryption, Schmidt encourages businesses not to discount the importance of key management. “They need to make sure that they have a plan in place to rotate their credentials on Amazon. They are the keys to your interaction with us,” he said, using AWS as an example.
For compliance with industry regulations like HIPAA and PCI DSS, and for general data security, the industry’s premier solutions are a pair of innovations: split key encryption and homomorphic key management.
Ariel Dan, Co-Founder and EVP of Porticor Cloud Security added: “In cloud computing there’s a need for a split-knowledge approach. We believe that there’s a need for a sophisticated and cloud-based approach to encryption; for example using split key and homomorphic key management techniques. Split key encryption protects keys and guarantees they remain under customer control and are never exposed in storage; and with homomorphic key encryption, the keys are protected – even while they are in use.”
4. Limit employees’ permissions
In AWS and in enterprise IT departments in general, Schmidt recommends the minimum amount of permissions because “it just makes business sense.” He should know! His background includes over 6 years securing Amazon and a 10-year stint with the FBI before that.
The post AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt appeared first on Porticor Cloud Security.