Securing the Cloud: Best Practices for Securing your Data on the Cloud

A Smith
4 min read · Sep 27, 2019


We are now well-versed with the term cloud technology. We know how it works and what its benefits are. Cloud services are used for multiple purposes in corporate environments, like storing data for services, accessing productivity tools through Microsoft Office 365, and deploying IT infrastructure in Amazon Web Services (AWS).

With cloud services, organizations can move faster, accelerating their business with more agile technology at lower cost. But not everything is sunshine and roses. Using a cloud service brings with it challenges and risks to the security of data in the cloud.

The security of data that is created in the cloud, sent to the cloud, or downloaded from the cloud is always the responsibility of the cloud customer. Protecting cloud data requires visibility and control.

Security in Amazon Web Services

When it comes to the public cloud infrastructure-as-a-service (IaaS) market, AWS is the leader. It offers a broad set of global compute, storage, database, analytics, application, and deployment services which help organizations move faster, lower their IT costs, and scale applications.

There are more than a million active AWS customers reaping the cost and productivity advantages of custom cloud solutions. AWS operates under a shared responsibility model: AWS takes care of security ‘of’ the cloud, while AWS customers are responsible for security ‘in’ the cloud.

However, the threat is always imminent. No matter how secure a platform is, it can always be compromised.

Types of threats

Compromise of AWS:- The company has undoubtedly invested heavily in security to protect its platform from intrusion. But the small possibility that an attacker could compromise an element of the AWS platform and either gain access to data, take an application running on the platform offline, or permanently destroy data cannot be ignored.

Denial of Service (DoS) attack:- AWS has a sophisticated DoS prevention system in place, delivered through AWS Shield for all customers. But there is always the possibility of an attack large enough to overwhelm Amazon’s defenses, taking an application running on the platform offline until the attack is remediated.

Insider threats and privileged user threats:- No matter how large or how secure an enterprise is, it always faces insider threats and privileged user threats. Such incidents cover both negligent and malicious behavior, ranging from actions that unintentionally expose data to risk, to employees stealing data before quitting to join a competitor.

Here is your AWS security checklist

We know that Amazon invests heavily in building a powerful set of security controls for its customers; it is up to the customer to make the most of these built-in capabilities.

Here are the top best practices security experts recommend you follow:

  • Turn on CloudTrail log file validation.
  • Enable CloudTrail multi-region logging.
  • Enable access logging for CloudTrail S3 buckets.
  • Enable access logging for Elastic Load Balancer (ELB).
  • Enable CloudTrail logging across all AWS.
  • Enable Redshift audit logging.
  • Turn on multi-factor authentication for the “root” account.
  • Turn on multi-factor authentication for IAM users.
  • Enable IAM users for multi-mode access.
  • Attach IAM policies to groups or roles.
  • Rotate IAM access keys regularly, and standardize on the selected number of days.
  • Require multi-factor authentication (MFA) to delete CloudTrail buckets.
  • Don’t use expired SSL/TLS certificates.
  • Encrypt CloudTrail log files at rest.
  • Encrypt Elastic Block Store (EBS) volumes that hold database data.
  • Restrict access to CloudTrail bucket.
  • Provision access to resources using IAM roles.
  • Ensure EC2 security groups don’t have large ranges of ports open.
  • Avoid using root user accounts.
  • Use secure SSL ciphers when connecting between the client and ELB.
  • Encrypt Amazon’s Relational Database Service (RDS).
  • Ensure access keys are not being used with root accounts.
  • Use secure CloudFront SSL versions.
  • Minimize the number of discrete security groups.
  • Reduce number of IAM groups.
  • Terminate unused access keys.
  • Disable access for inactive or unused IAM users.
  • Remove unused IAM access keys.
  • Restrict access to EC2 security groups.
  • Restrict access to RDS instances.
  • Restrict outbound access.
  • Disallow unrestricted ingress access on uncommon ports.
  • Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, and Remote Desktop (RDP).
  • Involve IT security throughout the development process.
  • Grant application users the fewest privileges possible.
  • Enforce a single set of data loss prevention policies across custom applications and all other cloud services.
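Several of the security-group items above (large port ranges, unrestricted ingress on uncommon ports, well-known ports such as SSH or RDP open to the world) can be checked mechanically. The following audit function is an added example, not code from the original post; it assumes input in the same JSON shape that the EC2 describe-security-groups API returns, and the sample group, the "large range" threshold and the set of ports treated as acceptable for public exposure are constructed assumptions for illustration.

```python
"""Audit EC2 security-group ingress rules against checklist items:
large port ranges, uncommon ports open to the world, and well-known
ports (CIFS, FTP, SMTP, SSH, RDP) reachable from anywhere."""
from typing import Dict, List

# Well-known ports the checklist names explicitly (ICMP handled separately).
WELL_KNOWN = {445: "CIFS", 21: "FTP", 25: "SMTP", 22: "SSH", 3389: "RDP"}
COMMON_PUBLIC = {80, 443}   # assumption: the only ports meant to be world-reachable
MAX_RANGE = 100             # assumption: a wider span counts as a "large range"
ANYWHERE = {"0.0.0.0/0", "::/0"}


def audit_security_group(sg: Dict) -> List[str]:
    """Return one finding per violated checklist item for a describe-security-groups entry."""
    findings: List[str] = []
    gid = sg.get("GroupId", "?")
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        world = bool(cidrs & ANYWHERE)
        if proto == "-1":                       # "All traffic" rule
            if world:
                findings.append(f"{gid}: all protocols and ports open to the world")
            continue
        if proto == "icmp":                     # FromPort/ToPort are ICMP type/code here
            if world:
                findings.append(f"{gid}: ICMP open to the world")
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        if hi - lo + 1 > MAX_RANGE:
            findings.append(f"{gid}: large port range {lo}-{hi}/{proto} from {sorted(cidrs)}")
        if not world:
            continue
        for port, name in WELL_KNOWN.items():
            if lo <= port <= hi:
                findings.append(f"{gid}: {name} ({port}/{proto}) open to the world")
        if set(range(lo, hi + 1)) - COMMON_PUBLIC - set(WELL_KNOWN):
            findings.append(f"{gid}: uncommon port(s) {lo}-{hi}/{proto} open to the world")
    return findings


# Constructed sample group, shaped like one element of describe-security-groups output.
SAMPLE_SG = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}

if __name__ == "__main__":
    for line in audit_security_group(SAMPLE_SG):
        print(line)
```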

Conclusion

Cloud services are evolving day by day, and so are the challenges and threats that come with using them. Stay on top of cloud provider feature updates that involve security, so that your organization can adjust its policies accordingly.


Written by A Smith

Albert Smith is a Digital Marketing Manager with Hidden Brains, a leading enterprise web & mobile app development company specializing in IoT, Cloud & Big Data
