For many years, there has been a steady increase in the number of companies adopting cloud technologies and services. In fact, 94% of enterprises already use a cloud service. Amazon Web Services (AWS) is a clear leader in the cloud computing space with nearly 34% of the global market share.
Cloud security company Saviynt recently found among its customers an average of 1,150 misconfigurations in AWS Elastic Compute Cloud (EC2) instances. These misconfigurations can also manifest in the form of exceptions noted during SOC examinations.
The ease of spinning up EC2 instances is coming at the expense of security controls that would otherwise be in place to protect on-premises servers. AWS admins need to use available tools properly to help ensure the logical security of their environments.
1. Understand who is in charge of security
Security is a shared responsibility between a company and AWS. When working with AWS companies should be sure they understand what security controls AWS takes care of and what the company has to configure and apply. Organizations should not assume that the default AWS configurations are appropriate for their workforce.
2. Turn on logging
AWS Cloudtrail is a free service that allows companies to log, continuously monitor, and retain account activity related to actions across their AWS infrastructure. CloudTrail also provides event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Administrators cannot retroactively turn on CloudTrail. If it is not turned on, an organization is blind to the activity associated with their virtual instances during the course of any future investigations.
3. Use two-factor authentication
With the increase in attacks by cyber criminals, usernames and passwords are not enough. Enforce strong passwords and turn on two-factor authentication to manage AWS instances. For applications, turn on multifactor authentication.
4. Take ROOT seriously
Admins should disable Root API access. No one should be using the AWS root account and associated keys. Instead, use the root user only to create your first Identity and Access Management (IAM) user. In cases where root is absolutely necessary, multifactor authentication should be enabled.
5. Don’t scrimp on encryption
Many organizations do not enable encryption in their AWS infrastructures. Data in Simple Storage Service (S3) should be protected, and traffic between EC2 instances should be secured.
These best practices are not difficult to implement, and they mitigate a large range of potential issues. Companies should ensure they apply the same rigorous controls they have had for on-premises environments to their cloud infrastructures.
Contact our specialist today to continue the conversation and learn more about Incident Response Preparedness.
