According to the AWS Shared Responsibility Model, cloud security is a “shared responsibility”
The ease of opening an account, and provisioning compute resources on AWS makes it very appealing for new customers to join the bandwagon of cloud adopters and start deploying their applications/data on the most successful public cloud provider.
However, cloud security is a shared responsibility between AWS and the customer. In short, the “security of the cloud” is AWS’s responsibility, but “security in the cloud” is the customer’s. This means that the customer is responsible for setting up the security on their cloud infrastructure as per their business and compliance requirements, i.e. the security of the applications and data deployed on the cloud.
This could be a huge undertaking depending on the security business requirements of the customer signing up for AWS. For example, a simple and static informative website may not require much security built around it whereas an interactive application for a hospital will need to have the best security measures implemented for the software and data storage, in addition to meeting all regulatory requirements.
AWS Shared Responsibility Model
Below are some of the areas that need to be considered to make your applications secure and comply with legal requirements:
Networking and Application
Depending on your organization’s compliance and business protection requirements, your application security and infrastructure teams will need to hash out a plan to ensure that the right tools are deployed and appropriate configuration settings are set to secure your applications and networks. For example, your team will need to set up a security group for each of your databases to ensure that only the traffic from designated servers can be routed to them.
Provisioning an AWS EC2 instance is extremely easy, but securing that instance against bad actors requires a deep understanding of EC2 security features and options. For example, API calls to EC2 must be made over TLS, security groups must be set up to enforce network traffic rules, and so on. There are dozens of other items your team will need to configure to ensure the security of your EC2 instances. Check out the AWS EC2 security pages.
Just like all its other services, AWS provides strong security tools and configuration settings for you to protect your customers’ data in transit and at rest. All of these tools are available for you to deploy, but as a customer it is your responsibility to decide which to use and how far to use them. For this, your team will also need substantial cloud data security experience and will have to be very diligent while designing the cloud infrastructure.
Identity and Access Management
You can deploy every security setting and tool around your applications, operating systems, and data, but if you don’t monitor “who has access to what?”, bad actors can still end up with access to your applications and data. Over the years we have seen organizations not doing enough in this area; for example, employees who had left the company months or even years earlier still had access to production systems, because no one had ever taken their access away. Proper implementation of IAM policies and tools is of paramount importance for companies that want to take advantage of the security tools available on AWS. The AWS IAM security best practices guide can be consulted for further information.
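As an added example (not code from the original post or from High Plains Computing), the script below walks an IAM credential report and flags users whose enabled password or active access keys have not been used for more than an assumed 90-day threshold, which is how the “departed employee still has access” problem above surfaces in practice. The report text, the account id and the user names are constructed for the example; a real report is downloaded from IAM in the same CSV layout.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report.
# The account id and user names are made up for this example.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,arn:aws:iam::123456789012:user/alice,2022-01-10T09:00:00+00:00,true,2024-05-30T08:12:00+00:00,true,2024-06-01T10:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-03-04T09:00:00+00:00,true,2022-11-02T15:40:00+00:00,true,2022-12-01T08:00:00+00:00,false,N/A
svc-backup,arn:aws:iam::123456789012:user/svc-backup,2020-07-01T09:00:00+00:00,false,not_supported,true,N/A,false,N/A
"""

# Assumed point in time at which the sample report was pulled.
REPORT_PULLED_AT = datetime(2024, 6, 15, 12, tzinfo=timezone.utc)

# Each credential is a (enabled-flag column, last-used column) pair.
CREDENTIALS = (
    ("password_enabled", "password_last_used"),
    ("access_key_1_active", "access_key_1_last_used_date"),
    ("access_key_2_active", "access_key_2_last_used_date"),
)


def parse_date(value):
    """Return an aware datetime, or None for the report's 'never used' markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def find_stale_users(report_csv, now, max_idle_days=90):
    """Map each user holding an enabled credential that has been idle for
    more than max_idle_days to the number of idle days."""
    stale = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        enabled = [used for flag, used in CREDENTIALS if row[flag] == "true"]
        if not enabled:
            continue  # nothing active to revoke for this user
        last_used = [d for d in map(parse_date, (row[c] for c in enabled)) if d]
        # An enabled credential that was never used counts from user creation.
        latest = max(last_used) if last_used else parse_date(row["user_creation_time"])
        idle_days = (now - latest).days
        if idle_days > max_idle_days:
            stale[row["user"]] = idle_days
    return stale


if __name__ == "__main__":
    for user, days in find_stale_users(SAMPLE_REPORT, REPORT_PULLED_AT).items():
        print(f"{user}: no sign-in or key use for {days} days")
```

The same function can be pointed at the report `aws iam get-credential-report` returns, and the flagged users are the ones whose access should be reviewed and removed.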
The areas above are mentioned to draw your attention to how seriously each customer needs to take cloud security. There are tools available that can run security scans of your cloud accounts, but they still cannot cover everything that must be considered to put an iron cage around your cloud infrastructure.
You can review complete documentation on AWS Shared Responsibility Model here. There is another AWS Security by Category document showing security documentation by category.
Our team of experts at High Plains Computing specializes in completing AWS cloud infrastructure security reviews, providing you with a comprehensive list of recommendations to plug the holes and further secure your AWS infrastructure.
Committed to Delivering the best
Thousands of AWS and CNCF-certified Kubernetes solution partners have unique expertise and focus areas. Our focus is on best practices in security, automation, and excellence in Cloud operations.
Please reach out to us if you have any questions.