Protecting Your Amazon Web Services Cloud

Businesses’ use of cloud computing has accelerated at a rapid pace. Let’s face it, cloud computing offers many benefits that traditional IT simply cannot match. Reduced software licensing costs, enhanced accessibility and collaboration, process streamlining and a reduction of hardware costs are just a few of the reasons companies are moving to the cloud. However, as more companies make the move there is an increasing focus on data security. Companies are seeking new ways to meet the threats of data breach and destruction.

Earlier this year, a company using Amazon Web Services (AWS) cloud computing platform was the victim of a breach. In this instance, the hackers not only took the data but also demanded ransom for its safe return. The episode ended with all the data being deleted when the company tried to stop the attack. Unfortunately, due to this incident the company eventually went out of business. While this is an extreme example it does make one wonder how they can protect their data on the AWS cloud.

The good news is there are a number of tools available through AWS to enhance security. To help clients, prospects and others understand how to manage their cloud security to prevent hacks and unauthorized access; Holtzman Partners has compiled a list of key cloud security tips.

Key Tips for Securing Your AWS Cloud:

  • Utilize Multifactor Authentication – A common security method to prevent unauthorized access to data is multifactor authentication. This process requires a user to present two forms of information to obtain access to protected data. Generally speaking, the user enters user created credentials (user name and password) and then a second set of credentials generated by an authentication service. (Note that AWS offers a free multifactor authentication service). Only when both pieces of information have been correctly identified will the user obtain access. This ensures that even if user level credentials have been compromised unauthorized access will not be granted.
  • Encrypt your Data – This is an important step to ensuring data is not damaged/destroyed even if unauthorized access occurs in your AWS account. Encrypting the data on your AWS account will mean it is protected from modification and other malicious behavior. While AWS does provide some encryption services they are focused more on providing protection from a mass attack rather than protection when an individual account is hacked. As a result, it’s important to implement data encryption on the account level as well. There are several vendors who offer solutions accessible through the AWS marketplace.
  • Data Backups – This is a common tip for keeping any electronic data safe, and it’s just as important for the cloud. By conducting regular backups the information compromised can be quickly and easily restored with minimal downtime.
  • Restrict Access by Role –Individuals should have their access restricted to the least amount required to complete their job responsibilities. While it may be easier to grant everyone on the team access to everything, in the event of an account-level breach, you are guaranteeing an intruder will have access to everything. Consider using Identity and Access Management (IAM) roles. This not only protects your account but also limits the access users have to just the information and access levels they need to complete their work.
  • Change Credentials Regularly – While this may seem like a common sense security tip it’s often the most overlooked. Change the passwords and access keys regularly and ensure that all users in the account are doing the same as well. This is essential because if a password is breached without any knowledge this change will limit how long the unauthorized access can be maintained and limit corresponding issues.
  • Monitor the Cloud – Although it’s important to focus on preventing unauthorized access it’s also important to monitor the cloud to prevent malicious behavior in the event a breach has occurred. AWS offers a number of tools to help track and monitor cloud performance. When developing a monitoring program it’s important to establish which variables to monitor. For example, consider watching login times and IP addresses. If they appear unusual this may be a sign that there is unwanted behavior happening in your account.

Was this helpful? Share to your network.