Welcome!

@CloudExpo Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Elizabeth White, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

AWS and Security Issues By @GiladPN | @CloudExpo [#Cloud]

One mistake AWS users make is losing control of the data by ‘allowing Amazon or a third party to control their encryption keys’

Using AWS and Solving All Security Issues

The Amazon Web Services public infrastructure cloud is seeing massive adoption, and for good reason. Using AWS arms companies with advanced infrastructure that, in most cases, they could not possibly achieve in their own datacenters. In fact, According to Gartner, AWS has 5 times more deployed cloud infrastructure as their next 14 competitors have...combined.[1] Customers like Bristol-Myers Squibb, Unilever, and Lionsgate are taking advantage of the broad and deep services of the AWS Cloud to grow their businesses and accelerate innovation.[2]

However, using any public cloud infrastructure still requires proper implementation, especially as regards security concerns; this is true for AWS as much as anyone. An IDG Enterprises survey of 1,500 companies found that two-thirds of IT decision makers see security as the primary barrier to cloud adoption.[3] We asked real companies about the top cloud security mistakes made on AWS and found that many users rely too much on AWS and do not do their own due diligence as it pertains to their own cloud security. These experts revealed what they think are the top cloud security mistakes on the attached infographic.

One of the main mistakes AWS users make is losing control of their data by "allowing Amazon or a third party to control their encryption keys."

Dennis King, of Working Security, agrees that not taking ownership of security is a major mistake. He adds that "Amazon provides security capabilities, but without clear security ownership by the customer, even existing in-house security practices can be overlooked and create significant risk."

If fact, in their own Security Center, Amazon informs customers of the "Shared Responsibility Model." According to AWS, they have secured the underlying infrastructure and done so quite well with security features like:

  • Built-in firewalls
  • Multi-factor authentication
  • Private Subnets
  • Security logs
  • And much more

However, it is the responsibility of each customer to secure anything they put on that infrastructure. They clarify, "This includes your AWS EC2 instances and anything you install on them, any accounts that access your instances, the security group that allows outside access to your instances, the VPC subnet that the instances reside within if you've chosen this option, the external access to your S3 buckets, etc."[4]

Dr. Engin Kirda of Northeastern University and Lastline shares that "the top security mistake made on AWS may still be failing to securely delete sensitive information like passwords... before sharing virtual images..." Dwayne Melancon of Tripwire adds that it is a huge mistake to let hackers benefit from automation by "leaving AWS login credentials in publically readable scripts."

Jeff Huckaby of rackAID shares that the main security issues are those of improper AWS setup. Ari Zoldan of Quantum Networks agrees and adds the need to update AWS setup regularly, "what customers should do is check ‘resource utilization' frequently and then change their setup accordingly."

Danny Gueta of SysAid Technologies and Tal Klein of Adallom both cite major security issues in administrative privileges. Mr. Gueta encourages customers to protect their root user and Mr. Klein urges customers not to make every admin a "Super Admin."

To summarize the advice of all of the experts is to say that while using AWS may be a great move both technically and from a business perspective, it does not mean that you are no longer liable or responsible for security. While securing the infrastructure is a critical task that falls on Amazon, securing your data, apps, and sensitive information is still up to you.

Resources:

  1. Gartner: Amazon still public cloud leader by a long shot
  2. http://aws.amazon.com/resources/gartner-mq-2014-learn-more/
  3. http://www.idgenterprise.com/report/idg-enterprises-cloud-computing
  4. http://aws.amazon.com/security/
  5. Porticor Infographic: Cloud Security Mistakes Made on AWS

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security polic...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.