
Alcide Blog


AWS Security Best Practices

Jun 20, 2018 12:57:14 PM / by Elad Ishay


Photo: www.bluecoat.com / Flickr

Security is critical to any organization. In the tech world, security can be defined as a set of controls and policies that protect and secure applications, data, and the technological infrastructures they operate on.

Cloud security controls and policies are similar to traditional security controls and policies, with the difference that cloud security controls can operate at scale while keeping the same posture. In the cloud's shared responsibility model, the security of the cloud rests with the public cloud provider, and security in the cloud rests with the customer. With the physical and hypervisor-level security burden taken away, the customer's remaining security implementation tasks can be broadly broken down into the following four levels:

  • Cloud Infrastructure Security — security policies and controls implemented at the public cloud infrastructure level, such as identity and access management, route tables, and security groups
  • Operating System Security — ensuring that operating system layers are secure and OS patches are applied regularly
  • Application Infrastructure Security — hardening the application framework in use (e.g., Apache, Nginx, Tomcat)
  • Application Security — ensuring that the application is properly designed, developed, and implemented with the necessary security controls, such as protection against SQL injection, encryption, etc.

Amazon Web Services (AWS) is the leader in the public cloud provider space. While AWS provides multiple security layers and services that help organizations secure the infrastructure they run on it, organizations will not find a single solution or service that meets all of their needs, since every organization is different and has its own security and compliance requirements. As a result, security teams should carefully review all the implemented controls and decide whether those are sufficient for their particular needs.

AWS Security Services and Features

AWS provides a catalog of services and features that organizations can use to enhance their security posture without making additional upfront investments. The entries below describe these essential services and where each applies in an organization's AWS environment.

Service/Feature Name: AWS Security Group
Applicability Area: Network Management
Description: The Security Group acts like a virtual firewall, controlling the traffic going into and out of instances. It lets users define the ports on which instances can receive incoming or send outgoing traffic from or to an IP address, an address range, or instances that belong to another security group. Security group rules are allow-only (there is no DENY rule) and stateful, so the return traffic of an allowed connection is permitted automatically. Multiple security groups can be associated with a single EC2 instance.

Service/Feature Name: AWS Network Access Control List (NACL)
Applicability Area: Network Management
Description: This is another virtual firewall, one that controls the traffic going into and out of subnets. Each subnet can be associated with one network ACL. Unlike security groups, NACLs are stateless and support both ALLOW and DENY rules. Each NACL rule is assigned a unique number, and rules are evaluated in ascending order of that number; the first matching rule decides the outcome.
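The difference between the two layers is easiest to see by running the same connection through both. The following is an added example, not Alcide's or AWS's code: a toy evaluator that models only the behaviour described in the two entries above (allow-only, stateful security group rules versus numbered, stateless NACL rules where the lowest-numbered match wins and no match means deny). All rules, addresses and the Packet/SGRule/NACLRule names are constructed for the example; only the rules you pass in are considered, so the model does not reproduce AWS default rules.

```python
"""Toy model of the two AWS network-layer firewalls (security groups and NACLs).

Added example, not Alcide's or AWS's code. It models the documented behaviour only:
security group rules are allow-only, unordered and stateful; NACL rules are
numbered, evaluated lowest-first, first match wins, support DENY and are stateless.
All rules and packets below are constructed sample data.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Set, Tuple


class Packet(NamedTuple):
    direction: str      # "in" or "out", relative to the instance / subnet
    remote_ip: str
    remote_port: int
    local_port: int
    proto: str = "tcp"


class SGRule(NamedTuple):           # allow-only, no rule number
    direction: str
    proto: str
    port_lo: int
    port_hi: int
    cidr: str


class NACLRule(NamedTuple):         # numbered, ALLOW or DENY
    number: int
    direction: str
    action: str                     # "allow" | "deny"
    proto: str
    port_lo: int
    port_hi: int
    cidr: str


def _match(rule, pkt: Packet) -> bool:
    """Shared matcher: direction, protocol, destination-side port and remote CIDR."""
    dst_port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
    return (rule.direction == pkt.direction
            and rule.proto == pkt.proto
            and rule.port_lo <= dst_port <= rule.port_hi
            and ipaddress.ip_address(pkt.remote_ip)
            in ipaddress.ip_network(rule.cidr, strict=False))


class SecurityGroup:
    """Stateful: an allowed packet records its flow, so the reply in the opposite
    direction is allowed without any rule for that direction."""

    def __init__(self, rules: List[SGRule]):
        self.rules = rules
        self.flows: Set[Tuple[str, int, int, str]] = set()

    def allows(self, pkt: Packet) -> bool:
        key = (pkt.remote_ip, pkt.remote_port, pkt.local_port, pkt.proto)
        if key in self.flows:                   # reply of a tracked flow
            return True
        if any(_match(r, pkt) for r in self.rules):
            self.flows.add(key)
            return True
        return False                            # no DENY rules exist; this is the implicit deny


class NetworkACL:
    """Stateless: every packet, replies included, is checked against the numbered
    rule list; the first match decides, and no match means deny (the '*' rule)."""

    def __init__(self, rules: List[NACLRule]):
        self.rules = sorted(rules, key=lambda r: r.number)

    def decide(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        for r in self.rules:
            if _match(r, pkt):
                return r.action, r.number
        return "deny", None


def demo() -> Tuple[bool, bool, Tuple[str, Optional[int]]]:
    """One HTTPS session through both layers. Returns (sg_reply_ok, nacl_reply_ok, nacl_ssh_decision)."""
    sg = SecurityGroup([SGRule("in", "tcp", 443, 443, "0.0.0.0/0")])
    nacl = NetworkACL([
        NACLRule(100, "in", "deny", "tcp", 22, 22, "203.0.113.0/24"),   # block SSH from one range
        NACLRule(110, "in", "allow", "tcp", 443, 443, "0.0.0.0/0"),
        NACLRule(120, "in", "allow", "tcp", 22, 22, "0.0.0.0/0"),
        # deliberately no outbound rule for the client's ephemeral port
    ])
    request = Packet("in", "198.51.100.7", 51000, 443)
    reply = Packet("out", "198.51.100.7", 51000, 443)
    sg_ok = sg.allows(request) and sg.allows(reply)                 # True: stateful
    nacl_ok = (nacl.decide(request)[0] == "allow"
               and nacl.decide(reply)[0] == "allow")                # False: stateless, reply has no rule
    ssh = nacl.decide(Packet("in", "203.0.113.9", 40000, 22))       # ("deny", 100): lower number wins
    return sg_ok, nacl_ok, ssh


if __name__ == "__main__":
    print(demo())
```

The practical consequence shown by `demo()` is the one that trips up most NACL deployments: the security group passes the reply of an allowed connection on its own, while the NACL drops it until an outbound rule for the ephemeral port range (1024-65535) is added, and a low-numbered DENY shadows a later ALLOW for the same port.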

Service/Feature Name: AWS Identity and Access Management (IAM)
Applicability Area: Access Management
Description: AWS IAM allows users to manage and control access and permissions to AWS resources. It grants granular console or API-based access to users and groups according to which AWS services and resources they are permitted to access, create, modify, and delete. Temporary credentials can also be issued to grant access to other AWS services. IAM lets administrators define password policies and strengthens security by enforcing MFA. It can also be federated with corporate identity and access management solutions and with web identity providers such as Google.
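How "granular access" and "enforcing MFA" combine in practice is clearer with a policy document and the evaluation rules applied to it. The following is an added example, not Alcide's or AWS's code: a constructed least-privilege policy for a hypothetical deployment role (bucket name and account id are placeholders) together with a minimal evaluator that implements only the core IAM decision order (an explicit Deny always wins, otherwise any matching Allow grants, otherwise the request is implicitly denied) and the Bool / BoolIfExists condition operators. It does not model the rest of the IAM language.

```python
"""Minimal model of IAM policy evaluation with an MFA-enforcing Deny statement.

Added example, not Alcide's or AWS's code. The policy is a constructed sample
(bucket and account id are placeholders). The evaluator implements only:
explicit Deny wins, otherwise any matching Allow grants, otherwise implicit Deny;
and the Bool / BoolIfExists condition operators on the request context.
"""
import fnmatch
from typing import Any, Dict, List

DEPLOY_ROLE_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {   # the only thing this role is meant to do: read one artifact bucket
            "Sid": "ReadArtifactBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-artifacts",
                         "arn:aws:s3:::example-artifacts/*"],
        },
        {   # let a user enrol an MFA device (needed before MFA can be required)
            "Sid": "SelfServiceMFA",
            "Effect": "Allow",
            "Action": ["iam:EnableMFADevice"],
            "Resource": "*",
        },
        {   # deny everything except MFA self-service unless MFA was used.
            # BoolIfExists matters: a request whose context lacks the key at all
            # (e.g. a long-lived access key) still hits this Deny.
            "Sid": "DenyEverythingWithoutMFA",
            "Effect": "Deny",
            "NotAction": ["iam:EnableMFADevice", "sts:GetSessionToken"],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}


def _as_list(v: Any) -> List[Any]:
    return v if isinstance(v, list) else [v]


def _glob_any(patterns: Any, value: str) -> bool:
    """IAM-style '*' wildcard matching for actions and resource ARNs."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(cond: Dict[str, Dict[str, str]], ctx: Dict[str, str]) -> bool:
    for op, pairs in cond.items():
        if op not in ("Bool", "BoolIfExists"):
            raise ValueError(f"condition operator {op!r} is not modelled here")
        for key, expected in pairs.items():
            if key not in ctx:
                if op == "BoolIfExists":
                    continue            # missing key satisfies an ...IfExists operator
                return False            # missing key fails a plain Bool
            if str(ctx[key]).lower() != str(expected).lower():
                return False
    return True


def _statement_applies(stmt: Dict[str, Any], action: str, resource: str, ctx: Dict[str, str]) -> bool:
    if "Action" in stmt and not _glob_any(stmt["Action"], action):
        return False
    if "NotAction" in stmt and _glob_any(stmt["NotAction"], action):
        return False
    if not _glob_any(stmt.get("Resource", "*"), resource):
        return False
    return _condition_holds(stmt.get("Condition", {}), ctx)


def evaluate(policy: Dict[str, Any], action: str, resource: str, ctx: Dict[str, str]) -> str:
    """Return 'Allow' or 'Deny' for one request against one identity policy."""
    effects = [s["Effect"] for s in policy["Statement"]
               if _statement_applies(s, action, resource, ctx)]
    if "Deny" in effects:
        return "Deny"               # explicit deny always wins
    if "Allow" in effects:
        return "Allow"
    return "Deny"                   # implicit deny: nothing granted it


def demo() -> Dict[str, str]:
    obj = "arn:aws:s3:::example-artifacts/app.zip"
    mfa, no_mfa, key_only = ({"aws:MultiFactorAuthPresent": "true"},
                             {"aws:MultiFactorAuthPresent": "false"}, {})
    return {
        "read_with_mfa": evaluate(DEPLOY_ROLE_POLICY, "s3:GetObject", obj, mfa),
        "read_without_mfa": evaluate(DEPLOY_ROLE_POLICY, "s3:GetObject", obj, no_mfa),
        "read_with_access_key": evaluate(DEPLOY_ROLE_POLICY, "s3:GetObject", obj, key_only),
        "delete_with_mfa": evaluate(DEPLOY_ROLE_POLICY, "s3:DeleteObject", obj, mfa),
        "enrol_mfa_first": evaluate(DEPLOY_ROLE_POLICY, "iam:EnableMFADevice",
                                    "arn:aws:iam::123456789012:mfa/alice", no_mfa),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24s} {result}")
```

Two points the run makes concrete: `s3:DeleteObject` is denied even with MFA because nothing grants it (least privilege is the absence of an Allow, not the presence of a Deny), and a plain access key with no MFA claim in its context is caught only because the condition uses `BoolIfExists` rather than `Bool`.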

Service/Feature Name: AWS Inspector
Applicability Area: Vulnerability Management
Description: AWS Inspector is an automated security assessment service that measures and validates the security state of an application deployed on AWS infrastructure. The assessment runs against a defined set of rules, such as the CIS benchmarks, and reports potential gaps in the application. Deployment pipelines can include this security testing as one of their stages.

Service/Feature Name: AWS Web Application Firewall (WAF)
Applicability Area: Application Security
Description: AWS WAF is a web application firewall service that protects web applications from malicious requests by applying security rules for SQL injection and cross-site scripting and by filtering web traffic based on IP addresses, URIs, and headers. AWS WAF integrates with Amazon CloudFront and AWS Application Load Balancers. It adds a layer of protection in front of the application by inspecting requests and blocking exploit attempts at the entrance of the infrastructure.

Service/Feature Name: AWS Macie
Applicability Area: Data Security
Description: AWS Macie is a recently launched security service that uses machine learning to discover, classify, and protect data stored in AWS. For now, Macie works only with Amazon S3; support for other data stores is reportedly coming soon. Based on the baseline it builds, Macie identifies anomalies within the data store, such as how sensitive data is stored, how it is accessed, and how it is moved and downloaded.

Service/Feature Name: Amazon GuardDuty
Applicability Area: Network Security
Description: GuardDuty is a threat detection service that correlates logs from sources such as CloudTrail, VPC Flow Logs, and DNS logs to identify potential threats to the infrastructure. The same logs feed its machine learning models, so that anomalies are identified and reported to improve the security of the infrastructure.
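To show what "correlating VPC Flow Logs" means at the simplest level, here is an added example that is not Alcide's or AWS's code and is not GuardDuty's detection logic. It parses the default (version 2) VPC Flow Log field layout, skips NODATA/SKIPDATA records, and flags two behaviours over a handful of constructed log lines: one source address whose connections to many distinct ports on one host are all REJECTed (reconnaissance-like), and an ACCEPTed SSH connection from outside the VPC. The account id, interface id, addresses, VPC range and threshold are all constructed for the example.

```python
"""Two simple detections over constructed VPC Flow Log (v2, default format) records.

Added example, not Alcide's or AWS's code and not GuardDuty's logic. The log
lines, account id, interface id, addresses, VPC range and the threshold are
constructed sample data.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# Default flow log record layout (version 2), in order.
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")      # assumed VPC range
PORT_SWEEP_THRESHOLD = 5                           # distinct rejected ports per (src, dst)

# Constructed sample: a port sweep from 203.0.113.50, an accepted SSH session from
# the internet, an accepted internal SSH session, normal HTTPS, and a NODATA record.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40123 21 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40124 22 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40125 23 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40126 25 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40127 3389 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.20 40128 8080 6 1 40 1528650000 1528650060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.8 10.0.1.20 51022 22 6 12 1800 1528650010 1528650070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.5 10.0.1.20 51500 22 6 30 4200 1528650020 1528650080 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 52000 443 6 20 6000 1528650030 1528650090 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1528650000 1528650060 - NODATA
"""


class FlowRecord(NamedTuple):
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int        # IANA protocol number: 6 = TCP, 17 = UDP
    action: str          # ACCEPT or REJECT
    start: int


Finding = Tuple[str, str, str]   # (kind, source address, destination address)


def parse_flow_line(line: str) -> Optional[FlowRecord]:
    """Parse one default-format line. NODATA/SKIPDATA records carry '-' in most
    fields and are returned as None; a wrong field count is an error."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"expected {len(FLOW_FIELDS)} fields, got {len(parts)}: {line!r}")
    f = dict(zip(FLOW_FIELDS, parts))
    if f["log_status"] != "OK":
        return None
    return FlowRecord(f["srcaddr"], f["dstaddr"], int(f["srcport"]), int(f["dstport"]),
                      int(f["protocol"]), f["action"], int(f["start"]))


def load_flow_log(text: str) -> List[FlowRecord]:
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = parse_flow_line(line)
            if rec is not None:
                records.append(rec)
    return records


def detect(records: List[FlowRecord]) -> List[Finding]:
    """Return findings: one 'port_sweep' per (src, dst) pair over the threshold and
    one 'ssh_from_internet' per accepted tcp/22 flow whose source is outside the VPC."""
    findings: List[Finding] = []
    rejected_ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            rejected_ports[(r.srcaddr, r.dstaddr)].add(r.dstport)
        if (r.action == "ACCEPT" and r.protocol == 6 and r.dstport == 22
                and ipaddress.ip_address(r.srcaddr) not in VPC_CIDR):
            findings.append(("ssh_from_internet", r.srcaddr, r.dstaddr))
    for (src, dst), ports in rejected_ports.items():
        if len(ports) >= PORT_SWEEP_THRESHOLD:
            findings.append(("port_sweep", src, dst))
    return findings


if __name__ == "__main__":
    for kind, src, dst in detect(load_flow_log(SAMPLE_FLOW_LOG)):
        print(f"{kind:18s} {src} -> {dst}")
```

The value of a managed service is precisely that it applies far richer versions of such rules, plus threat intelligence and learned baselines, across all accounts and regions; but a check like this, run over exported flow logs, is a useful sanity test of what your security groups and NACLs are actually letting through.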


Amazon offers additional AWS security services and features that organizations can use to further tighten their security. These include AWS Shield, AWS CloudHSM, AWS Key Management Service, AWS Secrets Manager, and AWS Certificate Manager.

How Much Security Is Enough?

It is common for members of a security team to wonder if these AWS security services and features are enough. The answer is, "It depends." It depends upon various factors like:

  1. How much time and money the company wants to spend, and whether or not the company has a dedicated security team.
  2. The nature of the organization's business, which also helps determine how much security is needed. If the company stores confidential data or holds security agreements with its customers, additional security may be necessary.

Security is a process. It should be defined and provided for in every organization’s DNA. Security starts with the physical safety of the office and extends to the engineering team’s device security and the procedures by which confidential credentials are stored. Security includes the infrastructure and application design and implementation. In short, security should be considered everywhere, at all times. Additionally, it is important to consider how the organization captures any drift from their security standards and what methods they use to correct their course when this drift has been identified.
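Capturing drift from a security standard is something that can be automated for the controls discussed on this page. The following is an added example, not Alcide's code: a check that compares a security group's current inbound rules with a baseline kept in version control and flags both what changed and what is reachable from the whole internet on a port that is not meant to be public. The two rule sets are constructed dicts in the shape of the IpPermissions entries returned by the EC2 DescribeSecurityGroups API (IpProtocol, FromPort, ToPort, IpRanges, Ipv6Ranges); which ports may be world-reachable is an assumption made for the example.

```python
"""Drift check for security group inbound rules against a declared baseline.

Added example, not Alcide's code. Both rule sets are constructed dicts in the
shape of EC2 DescribeSecurityGroups IpPermissions entries; in practice the
"current" side would come from that API and the baseline from version control.
PUBLIC_PORTS_ALLOWED is an assumption for this example.
"""
from typing import Dict, Iterable, Set, Tuple

Rule = Tuple[str, int, int, str]          # (protocol, from_port, to_port, cidr)

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS_ALLOWED = {80, 443}          # assumption: only web ports may be world-reachable

# Constructed baseline: HTTPS from anywhere, SSH only from the corporate range.
BASELINE_WEB_SG = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]

# Constructed "current" state: SSH was opened to the world "temporarily", and a
# MySQL rule for an internal subnet was added without updating the baseline.
CURRENT_WEB_SG = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
]


def flatten(permissions: Iterable[Dict]) -> Set[Rule]:
    """Turn IpPermissions entries into a comparable set of (proto, from, to, cidr)."""
    rules: Set[Rule] = set()
    for perm in permissions:
        proto = perm["IpProtocol"]
        lo = perm.get("FromPort", 0)          # "-1" (all traffic) entries carry no ports
        hi = perm.get("ToPort", 65535)
        for r in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            rules.add((proto, lo, hi, r["CidrIpv6"]))
    return rules


def drift(baseline: Iterable[Dict], current: Iterable[Dict]) -> Dict[str, Set[Rule]]:
    """Rules present now but not in the baseline, and rules the baseline expects but are gone."""
    b, c = flatten(baseline), flatten(current)
    return {"added": c - b, "removed": b - c}


def world_exposed(rules: Set[Rule]) -> Set[Rule]:
    """Rules reachable from anywhere that cover a port outside PUBLIC_PORTS_ALLOWED."""
    exposed: Set[Rule] = set()
    for rule in rules:
        proto, lo, hi, cidr = rule
        if cidr not in WORLD:
            continue
        if proto == "-1" or any(p not in PUBLIC_PORTS_ALLOWED for p in range(lo, hi + 1)):
            exposed.add(rule)
    return exposed


def demo() -> Tuple[Dict[str, Set[Rule]], Set[Rule]]:
    d = drift(BASELINE_WEB_SG, CURRENT_WEB_SG)
    return d, world_exposed(flatten(CURRENT_WEB_SG))


if __name__ == "__main__":
    changes, exposed = demo()
    for kind in ("added", "removed"):
        for rule in sorted(changes[kind]):
            print(f"{kind:8s} {rule}")
    for rule in sorted(exposed):
        print(f"EXPOSED  {rule}")
```

Run on a schedule against every security group in the account, the "added" set is the drift report and the "exposed" set is the subset that needs a same-day course correction; both are independent of whether the change was made by hand in the console or by a pipeline.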

A focus on infrastructure and application security may be a complete solution for one organization but just a starting point for another. At the same time that a company focuses on hardening the security of a web application, a small mistake in identity management can create a massive security leak. CodeSpaces is an example of this. The company offered a source code management platform like GitHub or SVN. A hacker accessed their AWS Console and deleted all the S3 buckets, EBS instances, EBS volumes, and snapshots. This security breach led to multiple lawsuits as well as the shutdown of the company.

In general, most of the services and features offered by AWS are focused on AWS infrastructure and services running on EC2 instances. When organizations are running container-based or serverless-based infrastructures—which are very different creatures—they need to focus on different strategies.

That's where Alcide fits in. By providing a cloud-native security platform that spans containers, VMs and serverless architectures, we are able to offer users deep visualization, security policy control and enforcement capabilities to ensure that the infrastructure, policies and network activities of the AWS deployment stay compliant.

Conclusion

It is vital for organizations to invest in security. Security is a continuously evolving process, not a one-time thing that can be put into the environment to make everyone feel safe and secure. Organizations should invest in the right people and focus on building a strong security team. By performing continuous audits and following compliance standards across the environment, skilled security teams can perform effective course corrections. Finally, organizations should have a breach management process that will mitigate the effects of a security breach.


Topics: AWS, cloud security, security services