Security in the cloud is a partnership between you and the cloud provider. Cloud providers like Amazon Web Services (AWS) offer many features to ensure the security of the services they offer, including environments certified to meet compliance standards like HIPAA and PCI-DSS. However, cloud users still need to take ownership of many aspects of cloud security, including the access control and the security of the applications they install.
Recent incidents where unsecured Kubernetes consoles allowed cryptominers to use AWS instances belonging to Tesla and other companies underscore the importance of understanding your cloud security responsibilities. Just like servers in your data center, your cloud instances can be targeted for cryptomining, ransomware, data theft, and distributed denial of service attacks.
Configuration Errors are Common
The cryptomining takeover was the result of publicly accessible resources that weren't protected by a password. Configuration errors such as this are a common source of cloud vulnerabilities. Amazon's default configuration settings aren't always appropriate for your situation.
Pay attention to configuration details, such as your S3 bucket permissions. Make sure you are granting appropriate permissions and also that logging is enabled. Amazon Machine Images (AMIs) should be made private unless there is some reason for a specific image to be public.
IP-based Security Groups that manage inbound traffic should use specific IP addresses rather than a range of addresses to appropriately limit traffic. User privileges should be managed through Groups, rather than being assigned to individuals. Unneeded privileges and inactive user credentials should be revoked.
Protecting Your AWS Resources
Start by applying the good practices that work on servers in your data center to your instances in Amazon. Keep track of the software installed on your instances and make sure all necessary patches are installed in a timely manner. Make sure you have processes for reviewing user privileges periodically.
Use tools that help you discover resources and automatically apply appropriate security policies to reduce the risk of dangerous configuration oversights. Other tools that monitor network traffic and monitor user behavior let you identify suspicious activity before significant harm occurs.
Amazon provides several tools that are a good starting point for improving the security of your Amazon resources. Amazon Inspector can check your resources and provide security recommendations. Use Amazon's CloudTrail to see the full history of API access to your accounts.
Using these tools effectively requires understanding your Amazon resources, their potential vulnerabilities, and the normal usage patterns. Developing this understanding takes time that overstretched internal technology teams may not have. Managed Amazon Web Services from dcVAST let you leverage our expertise in AWS to make sure configuration errors are not overlooked and all security controls are implemented and monitored. Contact us to learn more about keeping your data and instances secure in AWS.