Delivering Data Security In The Amazon Web Services (AWS) Cloud


In the past few years, we’ve seen a drastic change in the types of security threats organizations are encountering – and where they’re confronting them. For years, hackers were motivated by a desire for fame, recognition or support for a specific cause, but hacking has now turned into a mainstream criminal or government activity.

Today, that has changed. Organized groups understand that data is the new currency and they’re looking for specific data sets that can lead to financial gain or national advantage. Major financial and business institutions are direct targets for government entities on opposite ends of the ideological spectrum. Manufacturers have become prime targets, as their critical “know-how” – formulas, product plans and other information – is sought. Even online gaming sites have become targets, with criminal organizations attacking them to gain credential sets that can be used to compromise accounts with financial organizations, or to gain access to other targets. It’s a different world from just a few years ago – and sensitive data is the target.

While motivations for attacks have changed, so have the information technology landscape and the attack surface. It is becoming standard practice for organizations to embrace public and private cloud services and environments. But this practice is also leading to what can only be described in some cases as unnecessary risk in the area of cloud security.

Advanced Persistent Threats (APTs) are on every security organization’s mind – and are a very likely threat where ‘high value’ data is commonly the victim. Victims of these attacks go a startlingly high average of 243 days without even knowing that their perimeter security has been penetrated. These organizations typically all have up-to-date antivirus software – and 100% of breaches involved stolen credentials (Mandiant 2013 Threat Landscape). In this environment, organizations are understandably reluctant to add another potential set of risks by putting critical infrastructure outside their perimeter – in an AWS cloud environment.

In addition to APTs, another threat vector organizations are watching closely is that of the privileged user – either a system administrator who turns rogue or an external threat using stolen credentials. As an example, the risks that can result from privileged users have recently been highlighted by the disclosures of Edward Snowden – as a system administrator he had access to data that should never have been available to someone with his role within the organization. Using a cloud service provider such as AWS introduces additional privileged user roles (both within the enterprise, and at the cloud provider), so the focus must be on putting in place controls to prevent these insider threats. With a data-centric security strategy, insiders are able to do their jobs without any access to the sensitive data itself. Given the risks posed by the privileged user, organizations have to wonder – “If I place my data within AWS, won’t even more privileged users (cloud administrators) have access to my data?”

AWS snapshots create yet another risk vector. Privileged users who have access to snapshots of EC2 instances also have access to the sensitive information that they contain. As with other privileged accounts, if these accounts are compromised, or used by a malicious insider, data snapshots create another possible exposure point. The result of this set of risks is that organizations need fundamental questions answered about securing their data when deploying to AWS.

Is it possible to meet compliance requirements when using AWS? How can my organization maintain control of our sensitive data? Will use of AWS increase exposure to the possibility of a data breach? Even within my enterprise, privileged user control can be a problem – will using AWS increase this risk? Will using AWS increase my APT threat profile?

To answer these questions appropriately, and solve the issues they imply, organizations must adopt a data-centric security strategy for protecting the information accessible through AWS instances. A data-centric solution places the security controls and protections directly around the target – the data. Data-centric solutions protect information with access controls and an enforcement layer – usually encrypting critical data at rest, and decrypting it only for authorized users and processes. By protecting the data at the source, you’re essentially putting up a “data firewall” that will ensure criminals don’t walk away with anything of value. Protections must reside at the file system level accessed by your EC2 instances, for both local and EBS-based storage. And the solution should also protect data in snapshots, backup location repositories and disaster recovery (DR) locations as well – wherever critical data lives within your AWS implementation.
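As an added illustration (not part of the original article and not any vendor's code), the Python example below inventories where data sits readable by anyone who can reach a volume or snapshot. The records are constructed samples shaped like EC2 DescribeVolumes and DescribeSnapshots output, with each snapshot's CreateVolumePermissions (from DescribeSnapshotAttribute) merged in; the account IDs, resource IDs and the `audit` function are assumptions made for the example.

```python
# Constructed sample records, shaped like EC2 API responses.
OWNER = "111111111111"  # constructed account id of the data owner

VOLUMES = [
    {"VolumeId": "vol-aaa", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-app1"}]},
    {"VolumeId": "vol-bbb", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-db1"}]},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-001", "VolumeId": "vol-aaa", "Encrypted": True,
     "CreateVolumePermissions": []},
    {"SnapshotId": "snap-002", "VolumeId": "vol-bbb", "Encrypted": False,
     "CreateVolumePermissions": [{"UserId": "222222222222"}]},
    {"SnapshotId": "snap-003", "VolumeId": "vol-bbb", "Encrypted": False,
     "CreateVolumePermissions": [{"Group": "all"}]},
]


def audit(volumes, snapshots, owner=OWNER):
    """Return (resource_id, finding) pairs for data exposed at rest."""
    findings = []
    for vol in volumes:
        # A missing Encrypted flag is treated as unencrypted (fail closed).
        if not vol.get("Encrypted", False):
            hosts = ",".join(a["InstanceId"] for a in vol.get("Attachments", []))
            findings.append((vol["VolumeId"],
                             f"unencrypted volume attached to {hosts or 'nothing'}"))
    for snap in snapshots:
        sid = snap["SnapshotId"]
        if not snap.get("Encrypted", False):
            findings.append((sid, f"unencrypted snapshot of {snap['VolumeId']}"))
        # Sharing widens the set of privileged users who can read the copy.
        for perm in snap.get("CreateVolumePermissions", []):
            if perm.get("Group") == "all":
                findings.append((sid, "shared publicly"))
            elif perm.get("UserId") and perm["UserId"] != owner:
                findings.append((sid, f"shared with account {perm['UserId']}"))
    return findings


if __name__ == "__main__":
    for rid, finding in audit(VOLUMES, SNAPSHOTS):
        print(f"{rid}: {finding}")
```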


By C.J. Radford

C.J. Radford joined Vormetric in March 2013 as vice president of cloud, a newly created leadership position that is tasked with leading the company’s cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market. He holds a bachelor’s degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.
