Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security In The Amazon Web Services (AWS) Cloud

Delivering Data Security in the Amazon Web Services (AWS) Cloud

In the past few years, we’ve seen a drastic change in the types of security threats organizations are encountering – and where they’re confronting them. For years, hackers were motivated by a desire for fame, recognition or support for a specific cause, but now it’s turned into a mainstream criminal or government activity.

Today, that has changed. Organized groups understand that data is the new currency and they’re looking for specific data sets that can lead to financial gain or national advantage. Major financial and business institutions are direct targets for government entities on opposite ends of ideological spectrum’s. Manufacturers have become prime targets, as their critical “know-how” – formulas, product plans and other information – are sought. Even online gaming sites have become targets, with criminal organizations targeting them to gain credential sets that can be used to compromise accounts with financial organizations, or to gain access to other targets. It’s a different world from just a few years ago – and sensitive data is the target.

While motivations for attacks have changed, so have the information technology landscape and the attack surface. It is becoming standard practice for organizations to embrace public and private cloud services and environments. But this practice is also leading to what can only be described in some cases as unnecessary risk in the area of cloud security.

Advanced Persistent Threats (APTs) are on every security organization’s mind – and a very likely threat where victimization of ‘high value’ data is common. Victims of these attacks don’t even know that their perimeter security has been penetrated for a startlingly high average of 243 days. These organizations typically all have up-to-date antivirus software – and 100% of breaches involved stolen credentials (Mandiant 2013 Threat Landscape). In this environment, organizations are understandably reluctant to add another potential set of risks by putting critical infrastructure outside their perimeter – in an AWS cloud environment.

In addition to APTs, another threat vector organizations are watching closely is that of the privileged user – either system administrators who can turn rogue or an external threat using stolen credentials. As an example, the risks that can result from privileged users have recently been highlighted by the disclosures of Edward Snowden – as a system administrator he had access to data that should never have been available to someone with his role within the organization. Cloud service providers, such as AWS, result in additional privileged user roles (both within the enterprise, and at the cloud provider), so the focus must be on putting in place controls to prevent these insider threats. By taking a data-centric security strategy, insiders are able to do their jobs without any access to the sensitive data itself. With the risks posed by that of the privileged user, organizations have to wonder – “If I place my data within AWS, won’t even more privileged users (cloud administrators) have access to my data?

AWS snapshots create yet another risk vector. Privileged users that have access to snapshots of EC2 instances, also have access to the sensitive information that they contain. As with other privileged accounts, if they are compromised, or used by a malicious insider, data snapshots create another possible exposure point. The result of this set of risks is that organizations need fundamental questions answered about securing their data when deploying to AWS.

Is it possible to meet compliance requirements when using AWS? How can my organization maintain control of our sensitive data? Will use of AWS increase exposure to the possibility of a data breach? Even within my enterprise, privileged user control can be a problem – Will using AWS increase this risk? Will using AWS increase my APT threat profile?

In order to appropriately answer these questions, and solve the issues they imply, organizations must take a data-centric security strategy for protecting the information accessible through AWS instances. A data-centric solution places the security controls and protections directly around the target – the data. Data-centric solutions protect information with access controls and an enforcement layer – usually encrypting critical data at rest, but only decrypting for authorized users and processes. By protecting the data at the source, you’re essentially putting up a “data firewall” that will ensure criminals don’t walk away with anything of value. Protections must reside at the file system level accessed by your EC2 instances, both local and EBS based. And the solution should also protect data in snapshots, backup location repositories and disaster recovery (DR) locations as well – wherever critical data lives within your AWS implementation.


By C.J Radford,

C.J. Radford joined Vormetric in March 2013 as vice president of cloud, a newly created leadership position that is tasked with leading the company’s cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market. He holds a bachelor’s degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.

Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.


At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.


Top Viral Impact

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues Nowadays, many companies are changing their overall information technology strategies to embrace cloud computing in order to open up business opportunities.  There are numerous definitions of cloud computing. Simply speaking, the term “cloud computing” comes from network diagrams in which cloud shapes are  used to describe certain types of networks. All…

Five Signs The Internet of Things Is About To Explode

Five Signs The Internet of Things Is About To Explode

The Internet of Things Is About To Explode By 2020, Gartner estimates that the Internet of Things (IoT) will generate incremental revenue exceeding $300 billion worldwide. It’s an astoundingly large figure given that the sector barely existed three years ago. We are now rapidly evolving toward a world in which just about everything will become…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

Cloud Infographic – Cyber Security And The New Frontier

Cloud Infographic – Cyber Security And The New Frontier

Cyber Security: The New Frontier The security environment of the 21st century is constantly evolving, and it’s difficult to predict where the next threats and dangers will come from. But one thing is clear: the ever-expanding frontier of digital space will continue to present firms and governments with security challenges. From politically-motivated Denial-of-Service attacks to…

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow  Online Education is a very exciting topic for many as it opens up many new doors and opportunities. We’ve touched on areas such as Massive Open Online Sources (MOOC) which provides tremendous levels of cloud based interconnectivity. We’ve taken a look into higher education,  the increased demand for online courses as well as…

Featured Sponsors

2015 Advertising Opportunities - Find Out More!

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Blue square_logo_100x100-01
cisco_logo_100x100 vmware citrix100

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.


CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter