Nowadays security is not just a hot topic in the ICT world, it is a must for every organisation. No system is 100% secure and even the Mac OS, which is perceived as one of the most protected, has seen an increase in attacks.
Symantec 2018 Internet Security Threat Report discloses that:
- 1 in 13 web requests lead to malware
- The increase in new malware on Macs is 80%
- The increase in attacks against IoT devices is 600%
- The increase in mobile malware variants is 54%
- Overall increase in reported vulnerabilities is 13%
The top 4 concerns, when considering the implementation of public cloud according to Cloud Security Report 2018 are:
- Misconfiguration of the cloud platform
- Unauthorized access
- Insecure interface/ APIs
- Hijacking of accounts, services or traffic
“AWS’ highest priority is cloud security. It is a core functional requirement that protects mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion. The AWS security model is based on shared responsibility between AWS and the customers, known as security ‘of’ the Cloud and security ‘in’ the Cloud.” Stated Ivaylo Vrabchev, Senior AWS Consultant & Team Leader at HeleCloud, at the 13thAWS Bulgaria User group meetup.
AWS data centre AWS Security Best Practices and network architecture are built to meet not only global and local security certificates but also the requirements of the most security-sensitive organisations.
The security ‘in’ the cloud, responsibility of the customer, can be categorized in 5 groups: account security and compliance, infrastructure and operating system, logging and monitoring, data security ‘at rest’ and ‘in transit’.
Some of the best AWS security practices Ivaylo Vrabchev shared with the AWS and cloud professionals were:
- When creating an account, provide 3 contacts – one for security, one for operations and one for billing.
- Set a billing alarm – it notifies you when there is a peak in traffic and the amount to be paid is increasing suspiciously fast.
- Configure security checks based on AWS Config and AWS Cloud Watch Alarms.
- Check configuration status in the IAM dashboard – activate MFA on your root account; create individual IAM users; use groups to assign permissions and apply an IAM password policy should be ticked.
- Automate the process of granting revoking permission following the least-privilege model.
- Architect your VPCs with minimum 2 private and 2 public subnets on different availability zones, and put only services that must be accessible from the internet into public subnets.
- Export the logs to an external account to assure maximum security and prevent unauthorized change in the logs.
- Organize periodical security training events and keep the documentation updated.
If you are interested in further AWS best practices, click here and take a look at Ivaylo Vrabchev’s presentation “AWS Security Best Practices“.