Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security in the Amazon Web Services (AWS) Cloud

In the past few years, we’ve seen a drastic change in the types of security threats organizations are encountering – and where they’re confronting them. For years, hackers were motivated by a desire for fame, recognition or support for a specific cause, but now it’s turned into a mainstream criminal or government activity.

Today, that has changed. Organized groups understand that data is the new currency and they’re looking for specific data sets that can lead to financial gain or national advantage. Major financial and business institutions are direct targets for government entities on opposite ends of ideological spectrum’s. Manufacturers have become prime targets, as their critical “know-how” – formulas, product plans and other information – are sought. Even online gaming sites have become targets, with criminal organizations targeting them to gain credential sets that can be used to compromise accounts with financial organizations, or to gain access to other targets. It’s a different world from just a few years ago – and sensitive data is the target.

While motivations for attacks have changed, so have the information technology landscape and the attack surface. It is becoming standard practice for organizations to embrace public and private cloud services and environments. But this practice is also leading to what can only be described in some cases as unnecessary risk in the area of cloud security.

Advanced Persistent Threats (APTs) are on every security organization’s mind – and a very likely threat where victimization of ‘high value’ data is common. Victims of these attacks don’t even know that their perimeter security has been penetrated for a startlingly high average of 243 days. These organizations typically all have up-to-date antivirus software – and 100% of breaches involved stolen credentials (Mandiant 2013 Threat Landscape). In this environment, organizations are understandably reluctant to add another potential set of risks by putting critical infrastructure outside their perimeter – in an AWS cloud environment.

In addition to APTs, another threat vector organizations are watching closely is that of the privileged user – either system administrators who can turn rogue or an external threat using stolen credentials. As an example, the risks that can result from privileged users have recently been highlighted by the disclosures of Edward Snowden – as a system administrator he had access to data that should never have been available to someone with his role within the organization. Cloud service providers, such as AWS, result in additional privileged user roles (both within the enterprise, and at the cloud provider), so the focus must be on putting in place controls to prevent these insider threats. By taking a data-centric security strategy, insiders are able to do their jobs without any access to the sensitive data itself. With the risks posed by that of the privileged user, organizations have to wonder – “If I place my data within AWS, won’t even more privileged users (cloud administrators) have access to my data?

AWS snapshots create yet another risk vector. Privileged users that have access to snapshots of EC2 instances, also have access to the sensitive information that they contain. As with other privileged accounts, if they are compromised, or used by a malicious insider, data snapshots create another possible exposure point. The result of this set of risks is that organizations need fundamental questions answered about securing their data when deploying to AWS.

Is it possible to meet compliance requirements when using AWS? How can my organization maintain control of our sensitive data? Will use of AWS increase exposure to the possibility of a data breach? Even within my enterprise, privileged user control can be a problem – Will using AWS increase this risk? Will using AWS increase my APT threat profile?

In order to appropriately answer these questions, and solve the issues they imply, organizations must take a data-centric security strategy for protecting the information accessible through AWS instances. A data-centric solution places the security controls and protections directly around the target – the data. Data-centric solutions protect information with access controls and an enforcement layer – usually encrypting critical data at rest, but only decrypting for authorized users and processes. By protecting the data at the source, you’re essentially putting up a “data firewall” that will ensure criminals don’t walk away with anything of value. Protections must reside at the file system level accessed by your EC2 instances, both local and EBS based. And the solution should also protect data in snapshots, backup location repositories and disaster recovery (DR) locations as well – wherever critical data lives within your AWS implementation.

c-j-radford

By C.J Radford,

C.J. Radford joined Vormetric in March 2013 as vice president of cloud, a newly created leadership position that is tasked with leading the company’s cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market. He holds a bachelor’s degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
How The Cloud Is Changing Online Education

How The Cloud Is Changing Online Education

Online Education Growth There’s no doubt that the internet has changed the face of education over the last two decades. In fact, by some estimates more than 80 percent of college students expect to take at least some — if not all of their courses — online. Thousands of people have earned degrees without ever…

Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

2016 Tour de France: Racing With Big Data

2016 Tour de France: Racing With Big Data

2016 Tour de France The 2016 Tour de France has just concluded, with Chris Froome (SKY) taking his third overall win. Not the kind of event we often focus on here at CloudTweaks, but Dimension Data has put its analytics technology to use tracking the journeys of each rider across all 21 stages, and their…

Ransomware: A Digital Pandemic – Is There A Cure?

Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the…

Martech In A Content Crazed World

Martech In A Content Crazed World

Content Crazed World Everywhere you look there are pop-up ads and offers, at times it can feel like overload. What used to be a few online ads on websites has now grown into a wild world of offers that consume your every device. These advancements in marketing technology can not only be overwhelming to the…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Are Women Discriminated Against In The Tech Sector?

Are Women Discriminated Against In The Tech Sector?

Women Discriminated Against In Tech Sector It is no secret that the tech industry is considered sexist since most women are paid less than men; there are considerably fewer women in tech jobs; and generally men get promoted above women. Yet the irony is twofold. Firstly, there is an enormous demand for employees with skills…

Containerization: The Bold Face Of The Cloud In 2016

Containerization: The Bold Face Of The Cloud In 2016

Containerization And The Cloud “Right now, the biggest technology shift in the cloud is a rapid evolution from simple virtual machine (VM) hosting toward containerization’’ says the CTO of Microsoft Azure, Mark Russinovitch, a man who deals with the evolving cloud infrastructure every day. In his words, containerization is “an incredibly efficient, portable, and lightweight…

6 Tech Predictions To Have A Major Impact In 2016

6 Tech Predictions To Have A Major Impact In 2016

6 Tech Predictions To Have A Major Impact The technology industry moves at a relentless pace, making it both exhilarating and unforgiving. For those at the forefront of innovation it is an incredibly exciting place to be, but what trends are we likely to see coming to the fore in 2016? Below are six predictions…

15 Cloud Data Performance Monitoring Companies

15 Cloud Data Performance Monitoring Companies

Cloud Data Performance Monitoring Companies (Updated: Originally Published Feb 9th, 2015) We have decided to put together a small list of some of our favorite cloud performance monitoring services. In this day and age it is extremely important to stay on top of critical issues as they arise. These services will accompany you in monitoring…

Cloud Computing Checklist For Startups

Cloud Computing Checklist For Startups

Checklist For Startups  There are many people who aspire to do great things in this world and see new technologies such as Cloud computing and Internet of Things as a tremendous offering to help bridge and showcase their ideas. The Time Is Now This is a perfect time for highly ambitious startups to make some…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…