The market share data posted on several websites indicate that many enterprises prefer Amazon Web Services (AWS) to other public cloud platforms. AWS provides a number of features to keep the business resources secure and meet compliance requirements. It has been rolling out new security control mechanisms and tools regularly to improve user management, deploy code securely, tackle AWS cloud security risks and access AWS services safely.
AWS recently rolled out a new security service, Amazon Macie, which uses machine learning to discover, classify and protect sensitive data stored in AWS automatically and so helps prevent data loss. But enterprises still need to take a number of steps of their own to strengthen cloud security and prevent attacks. It is also important for enterprises to know the most common AWS security risks so that they can use the security controls provided by AWS more effectively.
7 Most Common AWS Cloud Security Risks Enterprises Must Avoid
1) Excess Privileges and Access Right Granted to Users
The Identity and Access Management (IAM) web service provided by AWS helps enterprises control how users access and manage AWS resources. IAM makes it easier for administrators to create and manage permissions for individual AWS users, including permission to access the data objects stored in the Simple Storage Service (S3). But administrators often create cloud security issues by granting excess privileges and access rights to individual users. The administrator needs to ensure that no unnecessary permission is granted to any individual user. Likewise, he needs to remove inactive users, review permissions and rotate credentials on a regular basis.
2) Lack of Security Visibility
The enterprise data and resources stored on AWS are accessed by a large number of people across the organisation. No administrator can monitor the resources accessed by each individual user on a daily basis by hand. Without visibility, he cannot detect malicious activity and unauthorized data access in time, which increases AWS cloud security risks. Improving security visibility on AWS lets him detect malicious user activity immediately. In addition to detecting malicious user activity by analyzing the logs, the administrator also needs to check whether a specific malicious activity or attack is being carried out at a specific time and against specific servers. At the same time, the administrator must watch for the internal activities that lead to security issues: abnormal login attempts, unusual network activity, changes to important files, and unauthorized software installations.
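The abnormal login attempts mentioned above are visible in CloudTrail's ConsoleLogin events, which carry the user, source IP address, time, outcome and whether MFA was used. The following Python is an added example, not code from the article or an AWS tool: it runs over a handful of constructed ConsoleLogin records (the field names follow CloudTrail's event format, while the users, addresses and times are invented) and raises alerts for a burst of failures from one address, for a success that follows such a burst, and for console logins that did not use MFA.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _login(time, user, ip, outcome, mfa):
    """Build a constructed CloudTrail-style ConsoleLogin record."""
    return {"eventTime": time, "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa}}


# Constructed sample: four failures then a non-MFA success for alice from one
# address, and one clean MFA login for bob.
SAMPLE_EVENTS = [
    _login("2024-01-15T08:00:05Z", "alice", "198.51.100.7", "Failure", "No"),
    _login("2024-01-15T08:00:40Z", "alice", "198.51.100.7", "Failure", "No"),
    _login("2024-01-15T08:01:10Z", "alice", "198.51.100.7", "Failure", "No"),
    _login("2024-01-15T08:02:00Z", "alice", "198.51.100.7", "Failure", "No"),
    _login("2024-01-15T08:02:30Z", "alice", "198.51.100.7", "Success", "No"),
    _login("2024-01-15T09:00:00Z", "bob",   "203.0.113.9",  "Success", "Yes"),
]


def _parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def _max_burst(stamps, window):
    """Largest number of timestamps that fall inside any single window."""
    stamps = sorted(stamps)
    best, start = 0, 0
    for end, t in enumerate(stamps):
        while t - stamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_login_abuse(events, threshold=4, window_minutes=10):
    """Scan ConsoleLogin events in time order and return a list of alert dicts."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)          # sourceIPAddress -> failure times
    alerts = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "ConsoleLogin":
            continue
        ts = _parse_time(ev["eventTime"])
        ip = ev.get("sourceIPAddress", "?")
        user = (ev.get("userIdentity") or {}).get("userName", "<unknown>")
        outcome = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if outcome == "Failure":
            failures[ip].append(ts)
            continue
        if outcome != "Success":
            continue
        # A success shortly after a burst of failures from the same address is
        # the pattern a guessed or stuffed password produces.
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append({"type": "success_after_failures", "severity": "HIGH",
                           "user": user, "ip": ip, "time": ev["eventTime"],
                           "failures_in_window": len(recent)})
        # A console login without MFA (see risk 7) deserves its own alert.
        if (ev.get("additionalEventData") or {}).get("MFAUsed") != "Yes":
            alerts.append({"type": "login_without_mfa", "severity": "MEDIUM",
                           "user": user, "ip": ip, "time": ev["eventTime"]})
    # Bursts of failures that never succeeded still indicate guessing.
    for ip, stamps in failures.items():
        burst = _max_burst(stamps, window)
        if burst >= threshold:
            alerts.append({"type": "repeated_login_failures", "severity": "MEDIUM",
                           "ip": ip, "failures_in_window": burst})
    return alerts


if __name__ == "__main__":
    for alert in detect_login_abuse(SAMPLE_EVENTS):
        print(alert)
```

The same loop works on records read from the CloudTrail log files delivered to S3; the threshold and window are the two knobs to tune against the normal failure rate of the account.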
3) Not Implementing Data Protection Mechanism
Enterprises often forget that data protection and information security are not the sole responsibility of the cloud vendor. They do not take advantage of the robust security controls the vendor provides to improve data protection and prevent data breaches. Various AWS services (S3, EBS and RDS) provide a number of features to protect data and prevent breaches, but administrators often ignore the importance of actually enabling them. They can easily improve data protection by implementing the security features AWS provides: access permissions, encryption, replication, versioning, backup and data integrity verification. Likewise, they need to use encryption to keep data secure in transit.
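Two of these features, encryption at rest and encryption in transit, can be enforced for an S3 bucket through its bucket policy rather than left to each client. The following Python is an added example, not code from the article or from AWS: it shows a weak bucket policy beside a hardened one (the account id, role and bucket names are constructed) and a checker that reports whether a policy contains a Deny for non-TLS requests (aws:SecureTransport false) and a Deny for uploads without a server-side-encryption header.

```python
import json

# Constructed sample policies for this example (not from the page). The
# account id, role name and bucket name are invented.
APP_STATEMENT = {
    "Sid": "AppReadWrite", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*",
}

# Weak: grants access but says nothing about transport or encryption.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [APP_STATEMENT]})

# Hardened: same grant plus two Deny statements. The first refuses any request
# that did not arrive over TLS; the second refuses uploads that carry no
# server-side-encryption header.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    APP_STATEMENT,
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy_json):
    """Report whether the policy contains the two protective Deny statements."""
    result = {"denies_insecure_transport": False, "requires_sse": False}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        cond = stmt.get("Condition", {})
        # TLS enforcement only helps if the Deny covers every S3 action.
        tls = cond.get("Bool", {}).get("aws:SecureTransport")
        if tls is not None and str(tls).lower() == "false" and actions & {"*", "s3:*"}:
            result["denies_insecure_transport"] = True
        # Two common shapes: Null (header absent) or StringNotEquals (wrong algorithm).
        sse_null = cond.get("Null", {}).get("s3:x-amz-server-side-encryption")
        sse_neq = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if (str(sse_null).lower() == "true" or sse_neq is not None) \
                and actions & {"*", "s3:*", "s3:PutObject"}:
            result["requires_sse"] = True
    return result


def missing_controls(policy_json):
    """Names of the protective statements the policy lacks, for a report."""
    return [name for name, present in check_bucket_policy(policy_json).items() if not present]


if __name__ == "__main__":
    print("weak policy is missing:", missing_controls(WEAK_POLICY))
    print("hardened policy is missing:", missing_controls(HARDENED_POLICY))
```

The checker is deliberately strict about scope: a TLS Deny that covers only one action still leaves every other call available over plain HTTP, so it only counts when the Deny applies to s3:* or *.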
4) Misconfiguring Security Groups
AWS allows administrators to control traffic flow to and from instances by using security groups as a virtual firewall. Each time an instance is launched, it needs to be associated with one or more specific security groups. Administrators often ignore the importance of keeping instances secure and isolated through security group configuration. Security group misconfiguration also leads to a number of performance issues, including timeouts and service unavailability. An administrator also has the option to associate a single instance with multiple security groups, but that association makes the related security groups harder to manage and monitor. Hence, the administrator must configure each security group accurately to prevent both security and performance issues.
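The most common security group misconfiguration is an inbound rule whose source is the whole internet (0.0.0.0/0 or ::/0) on a port that should only be reachable from inside the VPC. The following Python is an added example, not code from the article or from AWS: it audits a list of security groups in the shape that the EC2 DescribeSecurityGroups API returns (the group ids, names and rules are constructed) and reports rules that expose every protocol, or a sensitive TCP service such as SSH or RDP, to the world.

```python
# Constructed security groups in the shape EC2 DescribeSecurityGroups returns.
# The GroupId values and names are invented for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa111", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb222", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc333", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa111"}]}]},
]

# TCP services that should never be reachable from arbitrary internet addresses.
SENSITIVE_TCP_PORTS = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL",
                       5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}


def _open_to_world(rule):
    """True if any IPv4 or IPv6 source range in the rule is the whole internet."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)


def find_exposed_rules(groups):
    """Return (group_id, group_name, severity, reason) for inbound rules that
    expose all traffic or a sensitive TCP service to the whole internet."""
    findings = []
    for sg in groups:
        gid, gname = sg.get("GroupId", "?"), sg.get("GroupName", "?")
        for rule in sg.get("IpPermissions", []):
            # Rules scoped to specific CIDRs or to another security group
            # (UserIdGroupPairs, as the db group does) are not flagged here.
            if not _open_to_world(rule):
                continue
            proto = rule.get("IpProtocol")
            if proto == "-1":            # -1 means every protocol and port
                findings.append((gid, gname, "CRITICAL",
                                 "all protocols and ports open to the world"))
            elif proto == "tcp":
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
                hits = [f"{p}/{name}" for p, name in SENSITIVE_TCP_PORTS.items()
                        if lo <= p <= hi]
                if hits:
                    findings.append((gid, gname, "HIGH",
                                     f"tcp {lo}-{hi} open to the world exposes {', '.join(hits)}"))
    return findings


if __name__ == "__main__":
    for gid, gname, severity, reason in find_exposed_rules(SAMPLE_GROUPS):
        print(f"{severity:8} {gid} ({gname}): {reason}")
```

The public 443 rule on the web group is not reported, because a web tier is expected to be reachable; the point of the check is to separate that from SSH on the same group and from the legacy group's allow-everything rule.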
5) Not Setting up Network Access Control List
AWS enables users to use a network access control list (NACL) as an additional layer of security to control the traffic entering and leaving a subnet. Administrators can use NACLs alongside security groups to keep their virtual private cloud (VPC) secure. Often administrators create a number of cloud security issues unintentionally by not setting up NACLs. They can easily prevent these issues by defining NACL rules, each with a rule number; AWS evaluates the rules in order of rule number to decide whether to allow or deny each packet. When no NACL is set up, the VPC remains open to all ports and IPs. The administrator must set up the NACL to ensure that only appropriate inbound traffic is admitted.
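The rule-number evaluation described above is easy to get wrong, because the lowest-numbered matching rule wins and the implicit final rule (number 32767) denies everything that nothing else matched. The following Python is an added example, not code from the article or from AWS: it models that evaluation over NACL entries in the shape the EC2 DescribeNetworkAcls API returns, comparing the default NACL that AWS creates for a new VPC (rule 100 allows everything) with a constructed custom NACL (the CIDRs and rule numbers are invented for the example) that admits SSH only from an internal range.

```python
import ipaddress

# Constructed NACL entries in the shape EC2 DescribeNetworkAcls returns.
# Rule 32767 is the fixed catch-all deny that every NACL ends with.
DEFAULT_NACL = [   # what AWS creates for a new VPC: rule 100 allows everything
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
]

CUSTOM_NACL = [    # invented rules: SSH from an internal range only, HTTPS from anywhere
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 110, "Protocol": "6", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    # NACLs are stateless, so return traffic to ephemeral ports needs its own rule.
    {"RuleNumber": 130, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
]

# NACL entries carry IANA protocol numbers as strings; -1 means every protocol.
PROTOCOL_NUMBERS = {"tcp": "6", "udp": "17", "icmp": "1"}


def _matches(entry, address, protocol, port):
    """Does this entry apply to a packet from `address` on `protocol`/`port`?"""
    if entry["Protocol"] not in ("-1", PROTOCOL_NUMBERS[protocol]):
        return False
    cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
    # Comparing an address against a network of the other IP version is False.
    if ipaddress.ip_address(address) not in ipaddress.ip_network(cidr):
        return False
    port_range = entry.get("PortRange")
    if port_range and not (port_range["From"] <= port <= port_range["To"]):
        return False
    return True


def evaluate_nacl(entries, address, protocol, port, egress=False):
    """Return (action, rule_number) of the first matching entry in ascending
    rule-number order, which is how AWS evaluates a NACL."""
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if entry.get("Egress", False) != egress:
            continue
        if _matches(entry, address, protocol, port):
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", None   # only reached if the 32767 entry is missing


if __name__ == "__main__":
    for nacl_name, nacl in (("default", DEFAULT_NACL), ("custom", CUSTOM_NACL)):
        for src, proto, port in (("10.1.2.3", "tcp", 22), ("203.0.113.5", "tcp", 22),
                                 ("203.0.113.5", "tcp", 443), ("203.0.113.5", "tcp", 80)):
            print(nacl_name, src, proto, port, "->", evaluate_nacl(nacl, src, proto, port))
```

Against the default NACL every probe is allowed by rule 100, which is the "open to all ports and IPs" state the section warns about; against the custom NACL, SSH from 203.0.113.5 is stopped by rule 110 before the broad rule 130 is ever considered, which is why the order of rule numbers matters as much as the rules themselves.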
6) Not Turning AWS CloudTrail On
CloudTrail is a web service that records the API calls made through the AWS SDKs, the Management Console, command-line tools, and higher-level AWS services. An administrator can refer to AWS CloudTrail to access the API call history, identify the caller, find the caller's IP address, and learn the time of each API call. But the administrator must turn AWS CloudTrail on before that history and those details become available. Often administrators create cloud security issues by forgetting to enable CloudTrail, and there is no way to enable it retroactively: calls made before it was enabled are not recorded. Hence, they lack the information required to speed up security analysis, compliance audits, and resource management.
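Because the history cannot be recovered after the fact, the check that matters is whether a trail exists now, is actually logging, and covers every region. The following Python is an added example, not code from the article or from AWS: it audits trail descriptions in the shape CloudTrail's DescribeTrails API returns, with the IsLogging flag from GetTrailStatus merged into each record for simplicity (the trail names, bucket names and key ARN are constructed), and reports the gaps a compliance reviewer would raise.

```python
# Constructed trail descriptions (not real account data). Field names follow
# CloudTrail's DescribeTrails output; IsLogging comes from GetTrailStatus and
# has been folded into each dict here. Names, buckets and the key ARN are invented.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "S3BucketName": "example-trail-logs",
     "IsMultiRegionTrail": True, "IncludeGlobalServiceEvents": True,
     "LogFileValidationEnabled": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID",
     "IsLogging": True},
    {"Name": "legacy-trail", "S3BucketName": "legacy-logs",
     "IsMultiRegionTrail": False, "IncludeGlobalServiceEvents": False,
     "LogFileValidationEnabled": False, "IsLogging": False},
]


def audit_trails(trails):
    """Return (trail_name, severity, reason) findings. An empty trail list is
    itself the most serious finding, since nothing is being recorded at all."""
    if not trails:
        return [("<account>", "CRITICAL",
                 "no CloudTrail trail configured; API history is not being recorded")]
    findings = []
    for trail in trails:
        name = trail.get("Name", "<unnamed>")
        if not trail.get("IsLogging", False):
            findings.append((name, "HIGH", "trail exists but logging is stopped"))
        if not trail.get("IsMultiRegionTrail", False):
            findings.append((name, "MEDIUM",
                             "single-region trail: API calls in other regions are not recorded"))
        if not trail.get("IncludeGlobalServiceEvents", False):
            findings.append((name, "MEDIUM",
                             "global service events (IAM, STS, CloudFront) are not included"))
        if not trail.get("LogFileValidationEnabled", False):
            findings.append((name, "MEDIUM",
                             "log file validation is off: tampering with delivered logs cannot be detected"))
        if not trail.get("KmsKeyId"):
            findings.append((name, "LOW",
                             "log files are not encrypted with a customer-managed KMS key"))
    return findings


def has_active_multi_region_trail(trails):
    """The single yes/no answer most audits want."""
    return any(t.get("IsLogging") and t.get("IsMultiRegionTrail") for t in trails)


if __name__ == "__main__":
    print("covered:", has_active_multi_region_trail(SAMPLE_TRAILS))
    for name, severity, reason in audit_trails(SAMPLE_TRAILS):
        print(f"{severity:8} {name}: {reason}")
```

Log file validation is worth singling out: it is the feature that lets an investigator prove the delivered log files were not altered after CloudTrail wrote them, which matters exactly when the logs are being used as evidence.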
7) Relying Only on Passwords
AWS allows administrators to implement custom password policies and even lets individual users manage their own passwords. But no user nowadays can keep cloud data and resources secure only by creating strong and complex passwords. There are many instances where cyber criminals executed cloud security attacks using the login credentials of legitimate users. In addition to implementing strict password rules, the administrator must require users to enable multi-factor authentication, which keeps applications secure and minimizes AWS cloud security risks. Likewise, he needs to impose two-factor authentication for managing the AWS instances themselves. The tools provided by AWS make it easier for administrators to implement strong password rules and enforce multi-factor authentication.
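One of those tools is the IAM credential report, a CSV that lists, for every user, whether a console password is enabled, whether MFA is active, when the password was last used and when each access key was last rotated. The following Python is an added example, not code from the article or from AWS: it reads a constructed credential report (a subset of the real report's columns, with invented users and dates; rows are read by column name, so the extra columns of a real report do not matter) and produces findings for the MFA gap described in this section and for the inactive users and unrotated keys that risk 1 says an administrator should clean up.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed IAM credential report (not real). The real report has more
# columns; this example keeps only the ones it reads.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-03-01T09:00:00+00:00,not_supported,2024-01-02T11:00:00+00:00,not_supported,true,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-05-10T09:00:00+00:00,true,2024-01-10T08:00:00+00:00,2023-06-01T10:15:00+00:00,false,true,2023-06-01T10:15:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2021-08-20T09:00:00+00:00,true,2023-07-01T12:00:00+00:00,2023-05-01T10:00:00+00:00,true,false,N/A
svc-deploy,arn:aws:iam::123456789012:user/svc-deploy,2023-12-20T09:00:00+00:00,false,no_information,N/A,false,true,2023-12-20T09:05:00+00:00
"""

# Fixed "now" so the example is deterministic; a real run would use datetime.now(timezone.utc).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)


def _parse_date(value):
    """Report dates are ISO 8601; placeholders such as N/A, no_information or
    not_supported are not dates and yield None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def _days_since(value, now):
    parsed = _parse_date(value)
    return None if parsed is None else (now - parsed).days


def audit_credential_report(report_csv, now, max_age_days=90):
    """Return (user, severity, reason) findings from a credential report CSV."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # The root user's password_enabled column reads not_supported, but the
        # root user always has a password, so treat it as enabled.
        has_password = row["password_enabled"] == "true" or user == "<root_account>"
        # Risk 7: a console password with no MFA behind it.
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "HIGH", "console password enabled without MFA"))
        # Risk 1: inactive users should be removed.
        if has_password:
            idle = _days_since(row["password_last_used"], now)
            if idle is not None and idle > max_age_days:
                findings.append((user, "MEDIUM", f"password not used for {idle} days"))
        # Risk 1: active access keys should be rotated.
        if row["access_key_1_active"] == "true":
            age = _days_since(row["access_key_1_last_rotated"], now)
            if age is None or age > max_age_days:
                findings.append((user, "MEDIUM", f"access key 1 not rotated for {age} days"))
    return findings


if __name__ == "__main__":
    for user, severity, reason in audit_credential_report(SAMPLE_REPORT, NOW):
        print(f"{severity:7} {user}: {reason}")
```

On the sample, alice is flagged twice (no MFA, and an access key older than 90 days), bob once for a password that has not been used in months, and the service user not at all, since it has no console password and a recently rotated key.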
Several studies show that most AWS cloud security risks and incidents are the result of human error. Many cloud security incidents even occurred because the security controls provided by AWS were never implemented. Enterprises must implement a robust cloud security strategy that takes advantage of the security mechanisms provided by AWS and reduces unnecessary security exposure.