AWS Security Best Practices

aws security best practices

With the advent of Amazon’s cloud technology, it has become very easy for businesses to be more flexible and enhance the sharing and usage of files and applications.  However, there are certain things that companies need to be aware of when it comes to the security of the cloud.  According to security expert and writer Brian Krebs, it’s increasingly common for hackers to steal files from unsecured AWS accounts and hold them for ransom.  And this is even when a company knows about the risks.

In order to prevent your business from falling victim to hacking or extortion it’s important to follow some important AWS security best practices.

Understand Security Responsibilities

Many Software As A Service providers (SaaS) will handle the security on their end – anything going on in their software will be secured as will the data going to and from.  However, certain cloud technology providers such as Amazon’s AWS leave the security and access controls of the storage up to the users in the “shared responsibility model”.  This means that companies and users are responsible to ensure that their ecosystem in AWS has the proper security setups in place to prevent data breaches.

In one example the company All American Entertainment, a public speaking contractor, had left thousands of speaking contracts in an unsecured Amazon S3 folder.  They were not technically “hacked” in the traditional sense, but the company was publicly exposed as having left secure files out in the open by a security researcher from NightLion Security.

Not all companies end up getting exposed by a “white hat” security researcher, and instead have their files seized and held for ransom by hackers.

Ensure That User Roles Are Defined

Defining user roles is very important for access control.  Taking advantage of temporary access roles in AWS is a great way to ensure that you don’t have to manage a large amount of user roles in the future.

Never share primary AWS access credentials; instead, use the Identity and Access Management (IAM) tools to create unique roles for users.  These various users are then easily managed by the Admin.

Take Advantage Of Multi-Factor Authentication

As a second layer of security it’s a good idea to set up two factor authentication for both the Admin AWS login and the IAM users in your AWS account.

Control S3 Buckets Via IAM Credentials

The default mode for Amazon S3 buckets for cloud storage is to only allow the creator access to them.  Do not make these buckets public, as that means that anyone on the internet can have access to the files. Use IAM credentials to ensure that only proper users have access. If you do need to make them public, ensure that your have a proper reason to do so and that there aren’t any other sensitive files in the bucket.

Make Use Of The AWS Trusted Advisor

The Trusted Advisor is a tool that can let you know of possible misconfigurations of security in your AWS environment. Another great tool that can be helpful is Netflix’s Security Monkey, which monitors AWS accounts for policy changes and can alerts admins of insecure configurations in their setup.

Hire An IT Security Team If You’re Unsure

If you’re not sure that your AWS setup meets proper security guidelines, contact your local IT services company and ask them for a review of your setup.  It’s better to be safe than sorry when it comes to handling sensitive data.  Security breaches can be very costly for companies in terms of both reputation and money.  All forms of hacking and extortion schemes such as tech support phone scams and phishing attempts are getting more and more sophisticated and difficult to detect.

If you’re a San Diego business or company unsure about any of the topics in this post or wondering if your AWS setup is secure, feel free to give AMA Networks a call for a free assessment and to see whether or not we can help you with your cloud security.