Securing Amazon Web Services

On September 17, 2013, Quocirca attended the Amazon Web Services (AWS) Enterprise Summit in London. The rate of growth of the vendor’s online infrastructure is remarkable if its own figures are to be believed. Using itself as a yardstick, AWS says it is adding enough new infrastructure a day to support its Amazon.com retail business as it was in 2003, then worth over $5B (Amazon.com is AWS’s biggest customer).

The event was packed with hundreds of developers and other IT types whose organisations are committed to using AWS’s increasingly broad range of on-demand services at some level. The growing list includes EC2 (compute power), S3 (storage), RDS (database), CloudFront (content delivery). Two recently added ones discussed at the event were RedShift; a data warehousing service, priced at $999 per terabyte per year and Glacier, a backup and archive service priced, at $0.01 per gigabyte per month.

These last two underline why cloud services are becoming so compelling for many business. The economies of scale that cloud service providers can achieve, especially one the size of AWS, can drive down the cost of procuring IT infrastructure so far that the cost of in-house deployments start to look absurd. However, nearly all relevant research reports, including Quocirca’s, show that many are holding back because of the perceived security issues around cloud based services.

AWS is acutely aware of this. There were two keynotes at the London event, one about AWS in general, delivered by Andy Jassy, Senior VP for AWS and the second focused purely on security delivered by Stephen Schmidt, VP Security Engineering and CISO. Schmidt went through many aspects of AWS security including the vigorous data destruction process when hardware is refreshed. He was also careful to point out the shared security model:

AWS takes responsibly for securing its facilitates, server infrastructure, network infrastructure, virtualization infrastructure
The customer is free to choose its operating environment, how it should be configured and set up its own security groups and access control lists.

This all underlines an important finding in a recent Quocirca research report “The adoption of cloud-based services”, which is freely available HERE. Whilst there are many benefits to be had from making use of cloud services, there is a need to invest in improved levels of security and this is exactly what the most progressive users of cloud computing are doing.

The research identified four main groupings of organisations with regard to their attitude to cloud computing. These ranged from “enthusiasts” who belief they should use cloud services whenever possible (22% of the sample), through to “avoiders” that make little use of them (23%). An analysis of the enthusiasts versus avoiders shows that the latter lack confidence in their ability to secure the use cloud services rather than dismissing them outright as a way to deliver their IT requirements.

To overcome these concerns they need to take a leaf out of the enthusiasts’ book. These organizations are far more likely to have put various security measures in place that better facilitate the use for cloud services. For example, 97% of enthusiasts have an identity and access management (IAM) system in place compared to just 26% of avoiders. Interestingly, this is also more likely than not to be a cloud-based IAM service; cloud feeds on cloud!

The net result of all this is that cloud enthusiasts spend a higher proportion of their overall IT budget on security. This reflects two things, first the need just outlined to invest in security to overcome the concerns about using cloud services, second, the use of cloud services will bring down top line IT costs anyway.

Organizations that have the confidence to make widespread use of cloud services will find their IT costs will drop and their businesses will become more competitive as their IT staff focus on application delivery rather than infrastructure management. The ultimate message, upgrade your security and join the party, with AWS or one of the other growing band of cloud service providers.

Securing Amazon Web Services

Bob Tarzey

You may also like

Ransomware Groups Use Cloud Services For Data Exfiltration

AWS: Security Not a Priority For a Third of SMBs

AWS to Mandate Multi-Factor Authentication from 2024

Cloud Security is the Greatest Area of Concern for Cybersecurity Leaders According to EC-Council’s Certified CISO Hall of Fame Report 2023

Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security

What’s hot on Infosecurity Magazine?

Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities

BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk

Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities

Lumma Stealer Proliferation Fueled by Telegram Activity

60% of Emails with QR Codes Classified as Spam or Malicious

Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative

Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

CISA Chief Jen Easterly Set to Step Down on January 20

Sitting Ducks DNS Attacks Put Global Domains at Risk

watchTowr Finds New Zero-Day Vulnerability in Fortinet Products

60% of Emails with QR Codes Classified as Spam or Malicious

Swiss Cyber Agency Warns of QR Code Malware in Mail Scam

How to Manage Your Risks and Protect Your Financial Data

New Cyber Regulations: What it Means for UK and EU Businesses

The Future of Fraud: Defending Against Advanced Account Attacks

Learn Key Strategies for Industrial Data Security

How to Pair Threat Hunting and Exploit Intelligence for Better Cybersecurity

CISOs Redefined: External Threats, A Catalyst for Holistic Cybersecurity in 2024

Defenders Outpace Attackers in AI Adoption

ISACA CEO Erik Prusch on AI Fundamentals, Workforce, and Tackling Cybersecurity Challenges

31 New Ransomware Groups Join the Ecosystem in 12 Months

How Belgium's Leonidas Project Boosts National Cyber Resilience

Protecting the Healthcare Supply Chain Against Russian Ransomware Attacks

Snowflake Hacking Suspect Arrested in Canada

Securing Amazon Web Services

Written by

You may also like

What’s hot on Infosecurity Magazine?