Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security in the Amazon Web Services (AWS) Cloud

In the past few years, we’ve seen a drastic change in the types of security threats organizations are encountering – and where they’re confronting them. For years, hackers were motivated by a desire for fame, recognition or support for a specific cause, but now it’s turned into a mainstream criminal or government activity.

Today, that has changed. Organized groups understand that data is the new currency and they’re looking for specific data sets that can lead to financial gain or national advantage. Major financial and business institutions are direct targets for government entities on opposite ends of ideological spectrum’s. Manufacturers have become prime targets, as their critical “know-how” – formulas, product plans and other information – are sought. Even online gaming sites have become targets, with criminal organizations targeting them to gain credential sets that can be used to compromise accounts with financial organizations, or to gain access to other targets. It’s a different world from just a few years ago – and sensitive data is the target.

While motivations for attacks have changed, so have the information technology landscape and the attack surface. It is becoming standard practice for organizations to embrace public and private cloud services and environments. But this practice is also leading to what can only be described in some cases as unnecessary risk in the area of cloud security.

Advanced Persistent Threats (APTs) are on every security organization’s mind – and a very likely threat where victimization of ‘high value’ data is common. Victims of these attacks don’t even know that their perimeter security has been penetrated for a startlingly high average of 243 days. These organizations typically all have up-to-date antivirus software – and 100% of breaches involved stolen credentials (Mandiant 2013 Threat Landscape). In this environment, organizations are understandably reluctant to add another potential set of risks by putting critical infrastructure outside their perimeter – in an AWS cloud environment.

In addition to APTs, another threat vector organizations are watching closely is that of the privileged user – either system administrators who can turn rogue or an external threat using stolen credentials. As an example, the risks that can result from privileged users have recently been highlighted by the disclosures of Edward Snowden – as a system administrator he had access to data that should never have been available to someone with his role within the organization. Cloud service providers, such as AWS, result in additional privileged user roles (both within the enterprise, and at the cloud provider), so the focus must be on putting in place controls to prevent these insider threats. By taking a data-centric security strategy, insiders are able to do their jobs without any access to the sensitive data itself. With the risks posed by that of the privileged user, organizations have to wonder – “If I place my data within AWS, won’t even more privileged users (cloud administrators) have access to my data?

AWS snapshots create yet another risk vector. Privileged users that have access to snapshots of EC2 instances, also have access to the sensitive information that they contain. As with other privileged accounts, if they are compromised, or used by a malicious insider, data snapshots create another possible exposure point. The result of this set of risks is that organizations need fundamental questions answered about securing their data when deploying to AWS.

Is it possible to meet compliance requirements when using AWS? How can my organization maintain control of our sensitive data? Will use of AWS increase exposure to the possibility of a data breach? Even within my enterprise, privileged user control can be a problem – Will using AWS increase this risk? Will using AWS increase my APT threat profile?

In order to appropriately answer these questions, and solve the issues they imply, organizations must take a data-centric security strategy for protecting the information accessible through AWS instances. A data-centric solution places the security controls and protections directly around the target – the data. Data-centric solutions protect information with access controls and an enforcement layer – usually encrypting critical data at rest, but only decrypting for authorized users and processes. By protecting the data at the source, you’re essentially putting up a “data firewall” that will ensure criminals don’t walk away with anything of value. Protections must reside at the file system level accessed by your EC2 instances, both local and EBS based. And the solution should also protect data in snapshots, backup location repositories and disaster recovery (DR) locations as well – wherever critical data lives within your AWS implementation.

c-j-radford

By C.J Radford,

C.J. Radford joined Vormetric in March 2013 as vice president of cloud, a newly created leadership position that is tasked with leading the company’s cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market. He holds a bachelor’s degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!
FacebookTwitterLinkedInGoogle+Share

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Popular

Top Viral Impact

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014 The bring-your-own-device trend has been the subject of scrutiny ever since its initial formation. Given how quickly personal smartphones and tablets became a fixture in everyday life, it makes perfect sense that these mobile machines would slip into workplaces. While BYOD has caused headaches for many businesses,

Cloud Infographic: Most Used Cloud Apps

Cloud Infographic: Most Used Cloud Apps

Cloud app and analytics company, Netskope released its quarterly Cloud Report. The new report reveals that enterprise employees are using an average of 397 different cloud apps (most of which are unsanctioned), when IT estimated they have 40-50 — that’s a tenfold underestimation. Below is an infographic provided courtesy of the group at Netskope which goes into further detail.

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow Us!CloudTweaksEstablished in 2009,

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.

Whitepapers

Top Research Assets

HP OpenStack® Technology Breaking the Enterprise Barrier

HP OpenStack® Technology Breaking the Enterprise Barrier

Explore how cloud computing is a solution to the problems facing data centers today and highlights the cutting-edge technology (including OpenStack cloud computing) that HP is bringing to the current stage. If you are a CTO, data center administrator, systems architect, or an IT professional looking for an enterprise-grade, hybrid delivery cloud computing solution that’s open,

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security Cloud applications are a priority for every business – the technology is flexible, easy-to-use, and offers compelling economic benefits to the enterprise. The challenge is that cloud applications increase the potential for corporate data to leak, raising compliance and security concerns for IT. A primary security concern facing organizations moving

Hewlett-Packard Company On-Demand Webinar

Hewlett-Packard Company On-Demand Webinar

Shifting Workloads and the Server Evolution Learn more about the latest industry trends and the challenges customers are talking about. Every ten to fifteen years, the types of workloads servers host swiftly shift. This happened with the first single-mission mainframes and today, as disruptive technologies appear in the form of big data, cloud, mobility and