Looking for the source of security problems in the cloud? Don’t point fingers at the cloud provider. Security in the cloud is a shared responsibility, with both the cloud provider and the business user contributing to the security effort. Amazon Web Services provides a wide range of tools businesses can leverage to help keep their cloud systems safe.
• Security in AWS starts with the AWS Security Hub, a single dashboard to display security alerts from multiple AWS services. Security Hub also allows you to automate compliance checks against AWS best practices.
• Monitor for malicious activity with Amazon GuardDuty. This threat detection service checks for signs of malicious activity such as unusual API usage or deployments.
• Confirm you’re using best practices with Amazon Inspector. This service identifies vulnerabilities as well as where best practices aren’t being followed. Using Inspector helps avoid common configuration mistakes such as accidentally allowing public internet access to instances.
• Increasing data privacy laws make protecting personally identifiable information (PII) a legal imperative. The Amazon Macie security service uses machine learning to recognize PII and reports potentially unauthorized access and data leaks.
• SSL certificates and encryption keys aren’t always treated as the sensitive data they are. With AWS Certificate Manager and AWS CloudHSM or AWS Key Management Service, you can ensure your certificates and keys are managed securely. AWS Secrets Manager allows you to retain control over other sensitive keys and credentials.
• Cloud hasn’t eliminated the need for security tools like firewalls. AWS Firewall Manager allows you to easily configure and deploy AWS web application firewall rules. AWS Shield lets businesses protect web applications against Distributed Denial of Service attacks.
In order to leverage these tools effectively, businesses need to be aware of the most common cloud security mistakes. These include configuration errors that make resources public; fail to protect account credentials, especially privileged accounts; and failure to set up monitoring tools such as AWS CloudTrail and AWS CloudWatch. Once monitoring tools are set up, businesses need to know what behaviors can signal misuse, such as logs being deleted or many new instances being started.
VAST IT Services provides comprehensive AWS support to help businesses implement a secure Amazon Web Services cloud environment. Contact us to learn how to use the tools AWS provides and fulfil the business side of the cloud security shared responsibility model.