Securing Amazon Web Services

On September 17, 2013, Quocirca attended the Amazon Web Services (AWS) Enterprise Summit in London. The rate of growth of the vendor’s online infrastructure is remarkable if its own figures are to be believed. Using itself as a yardstick, AWS says it is adding enough new infrastructure a day to support its Amazon.com retail business as it was in 2003, then worth over $5B (Amazon.com is AWS’s biggest customer).

The event was packed with hundreds of developers and other IT types whose organisations are committed to using AWS’s increasingly broad range of on-demand services at some level. The growing list includes EC2 (compute power), S3 (storage), RDS (database), CloudFront (content delivery). Two recently added ones discussed at the event were RedShift; a data warehousing service, priced at $999 per terabyte per year and Glacier, a backup and archive service priced, at $0.01 per gigabyte per month.

These last two underline why cloud services are becoming so compelling for many business. The economies of scale that cloud service providers can achieve, especially one the size of AWS, can drive down the cost of procuring IT infrastructure so far that the cost of in-house deployments start to look absurd. However, nearly all relevant research reports, including Quocirca’s, show that many are holding back because of the perceived security issues around cloud based services.

AWS is acutely aware of this. There were two keynotes at the London event, one about AWS in general, delivered by Andy Jassy, Senior VP for AWS and the second focused purely on security delivered by Stephen Schmidt, VP Security Engineering and CISO. Schmidt went through many aspects of AWS security including the vigorous data destruction process when hardware is refreshed. He was also careful to point out the shared security model:

AWS takes responsibly for securing its facilitates, server infrastructure, network infrastructure, virtualization infrastructure
The customer is free to choose its operating environment, how it should be configured and set up its own security groups and access control lists.

This all underlines an important finding in a recent Quocirca research report “The adoption of cloud-based services”, which is freely available HERE. Whilst there are many benefits to be had from making use of cloud services, there is a need to invest in improved levels of security and this is exactly what the most progressive users of cloud computing are doing.

The research identified four main groupings of organisations with regard to their attitude to cloud computing. These ranged from “enthusiasts” who belief they should use cloud services whenever possible (22% of the sample), through to “avoiders” that make little use of them (23%). An analysis of the enthusiasts versus avoiders shows that the latter lack confidence in their ability to secure the use cloud services rather than dismissing them outright as a way to deliver their IT requirements.

To overcome these concerns they need to take a leaf out of the enthusiasts’ book. These organizations are far more likely to have put various security measures in place that better facilitate the use for cloud services. For example, 97% of enthusiasts have an identity and access management (IAM) system in place compared to just 26% of avoiders. Interestingly, this is also more likely than not to be a cloud-based IAM service; cloud feeds on cloud!

The net result of all this is that cloud enthusiasts spend a higher proportion of their overall IT budget on security. This reflects two things, first the need just outlined to invest in security to overcome the concerns about using cloud services, second, the use of cloud services will bring down top line IT costs anyway.

Organizations that have the confidence to make widespread use of cloud services will find their IT costs will drop and their businesses will become more competitive as their IT staff focus on application delivery rather than infrastructure management. The ultimate message, upgrade your security and join the party, with AWS or one of the other growing band of cloud service providers.

Securing Amazon Web Services

Bob Tarzey

You may also like

AWS: Security Not a Priority For a Third of SMBs

AWS to Mandate Multi-Factor Authentication from 2024

Cloud Security is the Greatest Area of Concern for Cybersecurity Leaders According to EC-Council’s Certified CISO Hall of Fame Report 2023

Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security

Organizations Warned of New Attack Vector in Amazon Web Services

What’s hot on Infosecurity Magazine?

US and Israel Warn of Iranian Threat Actor’s New Tradecraft

FIN7 Gang Hides Malware in AI “Deepnude” Sites

CISA Warns of Critical Software Vulnerabilities in Industrial Devices

CISA Launches First International Cybersecurity Plan

New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot

Canadian Government Data Stolen By Chinese Hackers

CISA Launches First International Cybersecurity Plan

North Korean Hackers Collaborate with Play Ransomware

How Belgium's Leonidas Project Boosts National Cyber Resilience

US and Israel Warn of Iranian Threat Actor’s New Tradecraft

Suspicious Social Media Accounts Deployed Ahead of COP29

Chenlun’s Evolving Phishing Tactics Target Trusted Brands

How to Proactively Remediate Rising Web Application Threats

The Future of Fraud: Defending Against Advanced Account Attacks

How to Manage Your Risks and Protect Your Financial Data

New Cyber Regulations: What it Means for UK and EU Businesses

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Learn Key Strategies for Industrial Data Security

#CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals

Russia's SVR Targets Zimbra, TeamCity Servers for Cyber Espionage

#CyberMonth: How to Outsmart Novel Phishing Tactics and Techniques

Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks

#CyberMonth: How to Protect Your Digital Life, Six Ways to Stay Safe Online

31 New Ransomware Groups Join the Ecosystem in 12 Months

Securing Amazon Web Services

Written by

You may also like

What’s hot on Infosecurity Magazine?