Amazon Web Services Cloud Security
According to Verizon’s 2015 Data Breach Investigations Report, which analysed 79,790 security incidents contributed by 70 organizations around the world, there were 2,122 confirmed data breaches in 2014, exposing roughly 700 million records at an estimated financial loss of over $400 million. Attackers keep introducing new techniques to beat new defences, but they still rely on some old patterns, one of which is going after the largest cloud providers and their tenants, probing for weaknesses they can capitalize on.
Amazon Web Services, as the top-ranked cloud provider, is an attractive target, and it is not immune to flaws in the software it runs. The most prominent recent example is Heartbleed (CVE-2014-0160), which was not an intrusion into Amazon but a bug in the OpenSSL library used by AWS services and by roughly 17% of the internet’s TLS-enabled web servers. The bug let anyone who could open a TLS connection to a vulnerable server read chunks of that server’s memory, which could contain private keys, session cookies and passwords, and it went unnoticed for about two years until Google and the Finnish security firm Codenomicon independently found it and it was disclosed publicly in April 2014. AWS had to patch the affected services, including Elastic Load Balancing, and customers running their own OpenSSL on EC2 had to patch their instances and rotate any keys and credentials that might have been exposed.
To reduce the chance of similar incidents, AWS continually updates its physical, software and hardware security controls, both to detect and prevent breaches and to recover from any disaster. Under AWS’s shared responsibility model, however, the provider secures the underlying cloud while the customer remains responsible for what is put into it: accounts, data, operating systems and applications. Customers should therefore consider the following measures to strengthen their own AWS security.
One of the most common routes in is a stolen or guessed password. Protecting your AWS account with a single password therefore leaves it open to anyone who obtains that password, whether through phishing, reuse from another breached site or brute force. To reduce that risk, AWS lets you protect the root account and every IAM user with multi-factor authentication (MFA): a login then requires the password plus a one-time code from a virtual or hardware MFA device, so a leaked password alone is not enough. The same applies to access keys; the root account in particular should have MFA enabled and no access keys at all.
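The quickest way to find accounts that still rely on a password alone is the IAM credential report. The script below is an added example written for this article, not code from the original page or from AWS: it parses the report CSV (the sample embedded in it is constructed, with the columns abridged to those used) and flags console users without MFA and a root account that lacks MFA or still has access keys. The `fetch_live_report` helper shows how to pull the real report with boto3; everything else runs offline.

```python
"""Audit an IAM credential report for logins that rely on a password alone.

Added example for this article, not code from the original page or from AWS.
It parses the CSV that `aws iam get-credential-report` returns and flags
console users whose password is enabled but who have no MFA device, plus a
root account that lacks MFA or still has active access keys.
"""
import csv
import io

# Constructed sample report (abridged to the columns used here), not data
# from a real account. Root appears as <root_account>; its password_enabled
# field reads "not_supported" in real reports.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2015-03-01T08:12:44+00:00,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,2015-03-02T11:05:10+00:00,true,true,false
bob,arn:aws:iam::111122223333:user/bob,true,2015-02-28T16:40:00+00:00,false,false,false
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,false,N/A,false,true,false
"""

ROOT = "<root_account>"


def parse_report(report_text):
    """Turn the credential-report CSV into a list of dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(report_text)))


def users_without_mfa(rows):
    """IAM users who can log in to the console with a password but have no MFA."""
    return sorted(
        r["user"]
        for r in rows
        if r["user"] != ROOT
        and r["password_enabled"] == "true"
        and r["mfa_active"] != "true"
    )


def root_findings(rows):
    """Root should have MFA and no access keys; report any deviation."""
    findings = []
    for r in rows:
        if r["user"] != ROOT:
            continue
        if r["mfa_active"] != "true":
            findings.append("root account has no MFA device")
        if "true" in (r["access_key_1_active"], r["access_key_2_active"]):
            findings.append("root account has an active access key")
    return findings


def audit(report_text):
    """Run both checks and return the findings as a dict."""
    rows = parse_report(report_text)
    return {"users_without_mfa": users_without_mfa(rows), "root": root_findings(rows)}


def fetch_live_report():
    """Fetch the real report with boto3 (needs credentials and network).

    generate_credential_report is asynchronous: keep calling it until the
    state is COMPLETE, then get_credential_report returns the CSV bytes.
    """
    import time
    import boto3  # imported here so the offline sample above runs without it

    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


if __name__ == "__main__":
    result = audit(SAMPLE_REPORT)
    for user in result["users_without_mfa"]:
        print(f"WARN console user without MFA: {user}")
    for finding in result["root"]:
        print(f"WARN {finding}")
```

On the sample, `bob` is reported (password enabled, no MFA) while `deploy-bot` is not, because an access-key-only user cannot log in to the console at all; the root account is flagged twice. Run `audit(fetch_live_report())` against a real account to get the same output for your own users.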
Separately, for protecting cryptographic keys rather than logins, AWS offers CloudHSM, a dedicated hardware security module that generates and stores keys so that the key material never leaves tamper-resistant hardware. The appliance is provisioned inside your own Amazon VPC in an AWS data centre, not on your premises, and only your applications can reach it through the VPC’s network controls. For most workloads the managed AWS Key Management Service (KMS) serves the same purpose of keeping key material out of application code and out of the reach of anyone who merely steals a server.
It’s a common misconception that all cloud data is automatically backed up by the service provider. Some users find out the truth the hard way, after an intrusion has deleted or encrypted their data, that durable storage is not the same as a backup. AWS stores S3 objects redundantly across multiple facilities, and Amazon EBS and DynamoDB replicate data within a region, but replication faithfully copies a deletion or a corruption just as it copies a write. What AWS gives you is the building blocks for a disaster-recovery plan of your own design: S3 versioning to retain overwritten and deleted objects, EBS snapshots that you create and schedule yourself, and exports of DynamoDB tables. Glacier, meanwhile, is a low-cost archival tier with retrieval times measured in hours, suited to copies you hope never to need.
EC2 instances in particular are not backed up at all unless you snapshot their EBS volumes or bake them into AMIs. You should therefore assess your entire system to identify the mission-critical applications and data that need to be backed up, and how often. Some organizations back up entire systems so that they can fail over to a secondary environment after a complete compromise; others focus only on the most vital data and processes. Whichever you choose, keep at least one copy somewhere that a compromised AWS credential cannot delete, such as a separate account or an off-cloud copy.
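Since EBS snapshots have to be scheduled and pruned by you, the retention logic is the part worth getting right. The following is an added example written for this article, not code from the original page or from AWS: a daily/weekly/monthly ("grandfather-father-son") retention policy as pure functions, plus an optional `main()` that applies it with boto3 to volumes carrying a `Backup=true` tag (that tag name, and the 60-day run of sample snapshots, are assumptions for the example).

```python
"""Keep EC2 backups under a daily/weekly/monthly retention policy.

Added example for this article, not code from the original page or from AWS.
The pure functions decide which EBS snapshots to keep; main() applies them
with boto3 to volumes tagged Backup=true (tag name assumed for the example).
"""
from datetime import datetime, timedelta, timezone


def snapshots_to_keep(snapshots, keep_daily=7, keep_weekly=4, keep_monthly=6):
    """Return the set of snapshot ids to retain.

    snapshots: iterable of (snapshot_id, start_time) pairs.
    Keeps the newest snapshot from each of the last `keep_daily` days,
    `keep_weekly` ISO weeks and `keep_monthly` months that have a snapshot.
    Buckets are counted over snapshots that exist rather than calendar time
    from today, so if backups silently stopped months ago nothing is pruned.
    """
    buckets = (
        (lambda t: t.date(), keep_daily),
        (lambda t: t.isocalendar()[:2], keep_weekly),  # (iso year, iso week)
        (lambda t: (t.year, t.month), keep_monthly),
    )
    newest_first = sorted(snapshots, key=lambda s: s[1], reverse=True)
    keep = set()
    for key_fn, limit in buckets:
        seen = set()
        for snap_id, started in newest_first:
            key = key_fn(started)
            if key in seen:
                continue  # a newer snapshot already represents this bucket
            if len(seen) == limit:
                break
            seen.add(key)
            keep.add(snap_id)
    return keep


def snapshots_to_delete(snapshots, **policy):
    """Ids not retained by the policy, sorted for stable output."""
    keep = snapshots_to_keep(snapshots, **policy)
    return sorted(snap_id for snap_id, _ in snapshots if snap_id not in keep)


def sample_snapshots():
    """Constructed data: one snapshot a day for 60 days ending 2015-03-31."""
    newest = datetime(2015, 3, 31, 2, 0, tzinfo=timezone.utc)
    return [(f"snap-{i:04d}", newest - timedelta(days=i)) for i in range(60)]


def main():
    """Snapshot every tagged volume, then prune its old snapshots (needs AWS access)."""
    import boto3  # imported here so the offline sample runs without it

    ec2 = boto3.client("ec2")
    volumes = ec2.describe_volumes(
        Filters=[{"Name": "tag:Backup", "Values": ["true"]}]
    )["Volumes"]
    for vol in volumes:
        vid = vol["VolumeId"]
        ec2.create_snapshot(VolumeId=vid, Description=f"scheduled backup of {vid}")
        existing = ec2.describe_snapshots(
            OwnerIds=["self"], Filters=[{"Name": "volume-id", "Values": [vid]}]
        )["Snapshots"]
        pairs = [(s["SnapshotId"], s["StartTime"]) for s in existing]
        for snap_id in snapshots_to_delete(pairs):
            ec2.delete_snapshot(SnapshotId=snap_id)


if __name__ == "__main__":
    keep = snapshots_to_keep(sample_snapshots())
    print(f"keeping {len(keep)} of {len(sample_snapshots())} snapshots: {sorted(keep)}")
```

On the 60-day sample the default policy keeps 11 snapshots: the last seven days, two more Sunday snapshots to complete four weekly points, and the last snapshots of February and January. Two caveats a practitioner should keep in mind: a snapshot of a volume attached to a running instance is only crash-consistent unless the application is quiesced first, and a snapshot in the same account is still deletable by whoever compromised that account, so copy the ones that matter to a separate account.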
Through encryption, AWS aims to make stolen data useless to an attacker even after a successful intrusion, which limits the damage and eases recovery. The baseline is server-side encryption managed by AWS, for example SSE-S3 for objects in S3 and encrypted EBS volumes, which protects against theft or improper disposal of physical media. It does nothing, however, against an attacker who has compromised your account or credentials: the service decrypts transparently for any authorized caller, so the intruder reads the data in the clear just as you would. To cover that case, encrypt data with keys that a stolen AWS credential cannot unlock on its own, held in CloudHSM, in KMS under a restrictive key policy, or in a third-party product from the AWS Marketplace. Vormetric and SafeNet are two commonly used vendors there, offering encryption for different data layers, from files and databases to whole volumes.
Web Application Firewall
In addition to your account, attacks are often directed at the individual web applications hosted on your instances. This tactic is popular because it works: many users lock down their accounts with strong authentication but leave the applications themselves exposed to injection, cross-site scripting and other attacks at the application layer. To address this, the AWS Marketplace offers a range of web application firewall (WAF) products. Services like Alert Logic and Barracuda sit in front of individual applications, learn their normal traffic patterns and block requests that match known attack signatures or deviate from that baseline. Which firewall to use, and how to deploy it, is at your discretion; a WAF complements, rather than replaces, fixing the vulnerabilities in the application itself.
Unusual account activity is a critical indicator of unauthorized access. Since watching your own account around the clock is impractical, AWS provides monitoring building blocks of its own, CloudTrail, which records every API call made in the account, and CloudWatch, which can raise alarms on them, and the Marketplace offers products such as Skyfence that first learn your normal login patterns and standard processes and then flag deviations. Such tools can require management-console re-authentication, suspend user accounts or demand approval from an authorized user before an operation proceeds. The 2014 Code Spaces incident, in which an attacker with access to the company’s AWS console deleted its instances, storage and backups and the business closed within days, shows why detection has to be fast and backups have to be out of the attacker’s reach. In case of unauthorized access, monitoring tools will likely pick up the unusual activity and apply the configured response to block the user and prevent further damage.
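What "unusual activity" means in practice is easiest to show as rules over CloudTrail records. The script below is an added example written for this article, not code from the original page, from AWS or from any Marketplace product. It runs five detections over CloudTrail events: root console logins, successful console logins without MFA, bursts of failed logins per user and source address, tampering with CloudTrail itself, and destructive API calls from addresses outside an allow-list. The events are constructed with the real CloudTrail field names (`userIdentity`, `eventName`, `sourceIPAddress`, `responseElements.ConsoleLogin`, `additionalEventData.MFAUsed`); the user names, addresses and the allow-list are invented for the example.

```python
"""Flag suspicious activity in CloudTrail records.

Added example for this article, not code from the original page, from AWS
or from any Marketplace product. The events below are constructed samples
using the real CloudTrail field names; names and addresses are invented.
"""
from collections import Counter

TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
DESTRUCTIVE = {"TerminateInstances", "DeleteSnapshot", "DeleteVolume",
               "DeleteBucket", "DeleteDBInstance"}
KNOWN_IPS = {"203.0.113.5"}  # the office egress address (assumption)


def console_login(user, ip, success, mfa, user_type="IAMUser"):
    """Build a CloudTrail ConsoleLogin record (constructed sample)."""
    identity = {"type": user_type, "accountId": "111122223333"}
    if user_type != "Root":
        identity["userName"] = user  # root records carry no userName
    return {
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "eventTime": "2015-03-02T11:05:10Z", "sourceIPAddress": ip,
        "userIdentity": identity,
        "responseElements": {"ConsoleLogin": "Success" if success else "Failure"},
        "additionalEventData": {"MFAUsed": "Yes" if mfa else "No"},
    }


def api_call(user, ip, source, name):
    """Build a CloudTrail record for an API call (constructed sample)."""
    return {
        "eventSource": source, "eventName": name,
        "eventTime": "2015-03-02T11:09:00Z", "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user,
                         "accountId": "111122223333"},
    }


SAMPLE_EVENTS = (
    [console_login("bob", "198.51.100.7", success=False, mfa=False) for _ in range(4)]
    + [console_login("bob", "198.51.100.7", success=True, mfa=False),
       console_login(None, "203.0.113.5", success=True, mfa=True, user_type="Root"),
       api_call("bob", "198.51.100.7", "cloudtrail.amazonaws.com", "StopLogging"),
       api_call("bob", "198.51.100.7", "ec2.amazonaws.com", "TerminateInstances"),
       api_call("alice", "203.0.113.5", "ec2.amazonaws.com", "DeleteSnapshot")]
)


def principal(event):
    """User name if present, otherwise the identity type (e.g. Root)."""
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")


def detect(events, known_ips):
    """Return (rule, principal, source_ip) for every event matching a rule."""
    alerts = []
    for e in events:
        who, ip, name = principal(e), e.get("sourceIPAddress"), e["eventName"]
        if name == "ConsoleLogin":
            succeeded = e.get("responseElements", {}).get("ConsoleLogin") == "Success"
            if e.get("userIdentity", {}).get("type") == "Root":
                alerts.append(("root-console-login", who, ip))
            if not succeeded:
                alerts.append(("console-login-failure", who, ip))
            elif e.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                alerts.append(("console-login-without-mfa", who, ip))
        if name in TAMPERING:
            alerts.append(("cloudtrail-tampering", who, ip))
        if name in DESTRUCTIVE and ip not in known_ips:
            alerts.append(("destructive-call-from-unknown-ip", who, ip))
    return alerts


def failed_login_bursts(events, threshold=3):
    """(principal, ip, count) for pairs with at least `threshold` failed logins."""
    counts = Counter(
        (principal(e), e.get("sourceIPAddress"))
        for e in events
        if e["eventName"] == "ConsoleLogin"
        and e.get("responseElements", {}).get("ConsoleLogin") == "Failure"
    )
    return [(who, ip, n) for (who, ip), n in counts.items() if n >= threshold]


def summarize(alerts):
    """Count alerts per rule."""
    return Counter(rule for rule, _, _ in alerts)


if __name__ == "__main__":
    for rule, who, ip in detect(SAMPLE_EVENTS, KNOWN_IPS):
        print(f"ALERT {rule}: {who} from {ip}")
    for who, ip, n in failed_login_bursts(SAMPLE_EVENTS):
        print(f"ALERT {n} failed logins for {who} from {ip}")
```

On the sample the rules fire eight times, and the burst detector reports the four failed attempts for `bob` from `198.51.100.7` followed by his success without MFA, which is exactly the credential-stuffing-then-takeover sequence to act on; `alice` deleting a snapshot from the known address produces nothing. In production the events come from the gzipped JSON files CloudTrail writes to S3, each of which is an object with a `Records` list of exactly these dictionaries, and the allow-list of addresses is the one part you must maintain yourself.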
Although these features may seem comprehensive, no control is impenetrable and the cloud, AWS included, still faces a steady stream of new threats. Experts keep developing new approaches and tools to improve protection. It’s therefore advisable to stay up to date with security news, including AWS’s own security bulletins, to ensure that your data is protected by the latest and most effective tools.
Author: Davis Porter
Image Courtesy: aws.amazon.com