AWS tries to keep your applications and data secure by default. However, there is always more you can do to help further protect your AWS apps and data. That’s why it’s important to be aware of all of the available security options and features on AWS.
Below, I outline some major security considerations you should keep in mind when using AWS. I also offer tips for adding more security to your AWS apps.
1. How secure is data in AWS?
AWS operates on a shared responsibility model. This means AWS handles the security of its cloud platform, while you are responsible for the security of your own data within AWS. This includes Identity and Access Management, OS and network-level security, and security for your data in all states. Your data in AWS can be in transit, or at rest. As your data travels to and from S3, for example, it is in transit, and when it is persistently stored or archived in S3 it is at rest. In both these states your data needs to be encrypted for adequate security.
TLS is the secure way to transmit data in transit, and most organizations are comfortable with this. However, data encryption at rest is not as commonly done, though it is equally, if not more, important. Typically, the longer data sits on a physical disk, the more prone it is to vulnerabilities, and this is where data encryption at rest is critical to ensuring a secure system.
Many compliance policies, such as PCI DSS (for online card-based transactions) and HIPAA (for the healthcare industry), require your data to be encrypted at rest. This is done using encryption keys. To enable this, AWS provides a mature key management system with various options for storing and managing your keys. Key management is an important part of your overall security strategy.
2. How do you ward off an attack?
While KMS goes a long way in securing your system, things are bound to go wrong. During a vulnerability, you need a way to respond in real-time, and before an attack escalates. This requires you to continuously scan your AWS resources for threats. Threat intelligence is a necessity for security in AWS, and it’s made possible by the advancement of machine learning algorithms and predictive analytics.
Threat intelligence works by scanning data, both internal (all your AWS resources) and external (from the Internet). The algorithms that process this data require large volumes of data to draw meaningful patterns from, and identify anomalies. For example, an unusual spike in traffic from a particular location, or repeated login attempts are the more obvious patterns. The more difficult to spot are those that are “low and slow.” This could be in the form of DDoS attacks, malware, or even fileless attacks. These attacks are veiled, and often take many months or years before they are discovered.
For example, Specs, a superstore based in Texas, was breached in 2012, and the breach was discovered in 2014. Similarly, Yahoo was breached in 2013, and the breach was discovered in 2016. These kind of attacks can cause not just loss of data, but also result in real loss in revenue, and tarnish the brand for good.
To spot these attacks, you need a threat intelligence tool that performs scanning across all your data (both internal and external) to identify possible vulnerabilities. These tools send you real-time alerts with context. This drastically reduces response times and MTTR (mean time to resolution).
3. Three things you can do to secure your app
With an understanding of how important key management and threat intelligence is to AWS security, let’s look at four ways to secure your AWS resources using them.
A. Cover all the basics of AWS security
AWS has one of the most savvy security professionals on their team, and AWS has a range of security features, some that are provided by default and some optional. The first step is to familiarize yourself with all of them. Here’s a list of the key security features of AWS:
- AWS Identity and Access Management (IAM)
- AWS Inspector
- AWS Web Application Firewall (WAF)
- AWS Key Management Service (KMS)
- Linux DM crypt
The first step to securing your system is to implement these solutions according to best practices. Among these, key management is particularly important for encryption.
B. Choose the right option for key management
Key management can be implemented in many ways, and which one you choose matters. You can allow AWS to encrypt, store, and manage your keys, which is the easiest option. Or you can take the in-between route where you manage the encryption, and simply use S3 to store your encrypted keys. The other option is to use CloudHSM, where you rent a dedicated device that AWS manages, but you manage the encryption of keys. If you are particular about compliance and need more control, you’ll want to go the CloudHSM way, but for most organizations, the AWS-managed route would work best.
C. Use a threat intelligence tool
Following all the AWS security best practices is the minimum necessity. However, it’s not enough. As discussed earlier, you need a threat intelligence solution to cover all the bases. Threat intelligence not only analyzes threats within the system, but also external ones. It can spot issues that other security tools can’t because of the larger scope of data it scans, and the powerful machine learning algorithms it uses to discover abnormal patterns. A threat intelligence platform like CrowdStrike provides endpoint security, which is essential for a cloud environment. SumoLogic has CrowdStrike integrated into its platform, making it easy to bring threat intelligence into your AWS stack.
As AWS remains the leading cloud vendor, your organization will become more and more dependent on AWS for cloud services. It’s vital to make sure your cloud infrastructure in AWS is always secure. This takes following AWS best practices (especially key management) to encrypt data at rest. However, to ward off complex and veiled attacks, you need more than these essentials—You need a threat intelligence platform like CrowdStrike.