Delivering Data Security In The Amazon Web Services (AWS) Cloud


In the past few years, we’ve seen a drastic change in the types of security threats organizations are encountering – and where they’re confronting them. For years, hackers were motivated by a desire for fame, recognition or support for a specific cause; hacking has since turned into a mainstream criminal or government activity.

Today, that has changed. Organized groups understand that data is the new currency, and they’re looking for specific data sets that can lead to financial gain or national advantage. Major financial and business institutions are direct targets for government entities on opposite ends of the ideological spectrum. Manufacturers have become prime targets, as their critical “know-how” – formulas, product plans and other information – is sought. Even online gaming sites have become targets, with criminal organizations attacking them to gain credential sets that can be used to compromise accounts with financial organizations, or to gain access to other targets. It’s a different world from just a few years ago – and sensitive data is the target.

While motivations for attacks have changed, so have the information technology landscape and the attack surface. It is becoming standard practice for organizations to embrace public and private cloud services and environments. But this practice is also leading to what can only be described in some cases as unnecessary risk in the area of cloud security.

Advanced Persistent Threats (APTs) are on every security organization’s mind – and a very likely threat where ‘high value’ data is commonly targeted. Victims of these attacks don’t even know that their perimeter security has been penetrated for a startlingly high average of 243 days. These organizations typically all have up-to-date antivirus software – and 100% of breaches involved stolen credentials (Mandiant 2013 Threat Landscape). In this environment, organizations are understandably reluctant to add another potential set of risks by putting critical infrastructure outside their perimeter – in an AWS cloud environment.

In addition to APTs, another threat vector organizations are watching closely is that of the privileged user – either a system administrator who turns rogue or an external attacker using stolen credentials. As an example, the risks that can result from privileged users have recently been highlighted by the disclosures of Edward Snowden – as a system administrator he had access to data that should never have been available to someone with his role within the organization. Cloud service providers, such as AWS, introduce additional privileged user roles (both within the enterprise and at the cloud provider), so the focus must be on putting in place controls to prevent these insider threats. With a data-centric security strategy, insiders are able to do their jobs without any access to the sensitive data itself. With the risks posed by the privileged user, organizations have to wonder – “If I place my data within AWS, won’t even more privileged users (cloud administrators) have access to my data?”

AWS snapshots create yet another risk vector. Privileged users who have access to snapshots of EC2 instances also have access to the sensitive information that they contain. As with other privileged accounts, if they are compromised, or used by a malicious insider, data snapshots create another possible exposure point. The result of this set of risks is that organizations need fundamental questions answered about securing their data when deploying to AWS.

Is it possible to meet compliance requirements when using AWS? How can my organization maintain control of our sensitive data? Will use of AWS increase exposure to the possibility of a data breach? Even within my enterprise, privileged user control can be a problem – will using AWS increase this risk? Will using AWS increase my APT threat profile?

In order to appropriately answer these questions, and solve the issues they imply, organizations must adopt a data-centric security strategy for protecting the information accessible through AWS instances. A data-centric solution places the security controls and protections directly around the target – the data. Data-centric solutions protect information with access controls and an enforcement layer – usually encrypting critical data at rest, and decrypting it only for authorized users and processes. By protecting the data at the source, you’re essentially putting up a “data firewall” that will ensure criminals don’t walk away with anything of value. Protections must reside at the file system level accessed by your EC2 instances, both local and EBS-based. The solution should also protect data in snapshots, backup location repositories and disaster recovery (DR) locations – wherever critical data lives within your AWS implementation.
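As an added illustration (not part of the original article or any vendor's product), the snapshot exposure described above can be checked from inventory data: the script below flags snapshots that are unencrypted, public, or shared with accounts outside a trusted list. The input is constructed sample data shaped like `aws ec2 describe-snapshots` output, with each snapshot's `createVolumePermission` attribute merged in as an assumption; the IDs, account numbers and `TRUSTED_ACCOUNTS` list are made up.

```python
import json

# Constructed sample: records shaped like `aws ec2 describe-snapshots` output.
# Assumption: the CreateVolumePermissions list (normally returned by a separate
# describe-snapshot-attribute call) has been merged into each record.
SAMPLE = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0aaa", "VolumeId": "vol-01", "Encrypted": true,
   "CreateVolumePermissions": []},
  {"SnapshotId": "snap-0bbb", "VolumeId": "vol-02", "Encrypted": false,
   "CreateVolumePermissions": []},
  {"SnapshotId": "snap-0ccc", "VolumeId": "vol-03", "Encrypted": false,
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0ddd", "VolumeId": "vol-04", "Encrypted": true,
   "CreateVolumePermissions": [{"UserId": "111122223333"}]}
]}
""")

# Hypothetical allow-list: accounts permitted to receive shares (e.g. a DR account).
TRUSTED_ACCOUNTS = {"444455556666"}


def audit_snapshot(snap, trusted=TRUSTED_ACCOUNTS):
    """Return the list of exposure findings for one snapshot record."""
    findings = []
    if not snap.get("Encrypted", False):
        findings.append("unencrypted")          # plaintext blocks at rest
    for perm in snap.get("CreateVolumePermissions", []):
        if perm.get("Group") == "all":
            findings.append("public")           # any AWS account can restore it
        elif perm.get("UserId") and perm["UserId"] not in trusted:
            findings.append("shared-with-untrusted:" + perm["UserId"])
    return findings


def audit(doc, trusted=TRUSTED_ACCOUNTS):
    """Map SnapshotId -> findings, omitting snapshots with no findings."""
    report = {}
    for snap in doc.get("Snapshots", []):
        findings = audit_snapshot(snap, trusted)
        if findings:
            report[snap["SnapshotId"]] = findings
    return report


if __name__ == "__main__":
    for snap_id, findings in sorted(audit(SAMPLE).items()):
        print(snap_id, ", ".join(findings))
```

The provider-level `Encrypted` flag is only one signal; it does not show whether the file-system-level access controls the article calls for are in place on the instance itself.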


By C.J. Radford

C.J. Radford joined Vormetric in March 2013 as vice president of cloud, a newly created leadership position that is tasked with leading the company’s cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market. He holds a bachelor’s degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.
