With a market share of 33 percent, (1) Amazon Web Services is by far today’s most popular cloud infrastructure service solution, Synergy Research Group data shows. To keep their AWS data secure from cyber vulnerability risks, many companies turn to third-party solutions such as Threat Stack, which provides a cloud-native platform for managing security. But before investing in a third-party information security solution, make sure you’re using the nativeAWS security and InfoSec features(2) that are provided.
Benefits of AWS Security
Cost-efficiency is probably the most attractive benefit of AWS for cash-strapped start-ups, and the platform also boasts excellent usability, flexibility, scalability, and reliability. But what many start-ups may not realize is that AWS also stands out for its security benefits. As Peter Parker points out in 4 Steps to Cloud Security on a Start-up Budget,(3) start-ups typically lack the financial resources to invest in robust in-house network security, but tapping into the resources of a large provider such as AWS is a way around this obstacle.
As today’s largest cloud IaaS provider, Amazon maintains a team of full-time security professionals that do extensive penetration testing to make sure their services meet a wide range of compliance requirements, so when you use AWS, many rigorous cybersecurity measures are already built in. Letting Amazon do the heavy lifting for your information security is the most efficient and cost-efficient way to keep your data safe from cyber attack.
One built-in AWS tool you should be sure to utilize is Amazon Inspector.(4) Inspector secures apps you use on AWS by running automated security assessments to identify vulnerabilities. Assessments are made based on a knowledge base of rules that is continually updated by AWS security researchers. After performing an assessment, Inspector provides a list of findings prioritized by severity level. You can view these findings directly or by reviewing reports accessible through the Inspector console or API.
The API allows you to build Inspector into your existing DevOps process. Using inspector helps you avoid introducing new cyber vulnerability openings during development and deployment, while making it easier to meet compliance standards and enforce your company’s security policies.
Availability Zones(5) are another important built-in security feature you should be sure to take advantage of. When you set up a virtual server instance in your AWS Management Console and choose your components, you will initially be asked to select a region, which defines the physical location where your instance will be hosted. Each region in turn has multiple, isolated locations called Availability Zones, which are each backed by one or more data centers, with the largest ones backed by five centers.(6)
As certified AWS solutions architect Ernesto Marquez explains,(7) the region and Zones you select can affect a number of aspects of your AWS security operations, including proximity to your end users, speed, feature availability, and cost. Your decision can also affect your security. If you host all your instances in a single location that is affected by a disaster, the availability of your instances may be affected. You have the option of creating one or more backup instances of your server in different Availability Zones for security.
AWS Identity and Access Management (IAM) also lets you control who can access your server by allowing you to set up identity-based and resource-based permissions.(8) Identity-based permissions define what a user, group, or role can do, while resource-based permissions define who can access a resource and what operations they can perform on it.
By default, users have no permissions until you assign them. Secure your server by restricting permission to only those who truly need them. For maximum security, avoid user accounts entirely whenever possible.
Other Security Features
In addition to the above security features, AWS has other built-in tools(9) you can deploy. These include encryption tools, Hardware Security Modules to store private keys, certificate management, and web application firewalls. Amazon’s website provides a guide to additional AWS security resources.(10)
Your AWS security strategy should be part of a broader risk management strategy that includes other technology risks, as well as market and execution risks. For more tips on how to integrate your security strategy into a comprehensive risk management strategy, see Telegraph Hill founder David Brian Ward’s article on Minimal Viable Information Security.(11)