Security is more important than ever, and the cloud is being utilised by organisations of all sizes, growing daily in popularity and usage. But choosing the right package can be challenging. AWS is
Organisations should encrypt highly sensitive data. AWS and third-party providers offer tools for encrypting data at rest and in transit, and should a leak or breach occur, encrypted content is useless to whoever obtains it unless they also hold the decryption keys. That last clause matters: server-side encryption with S3-managed keys (SSE-S3) is decrypted transparently for any principal that can read the object, so it does nothing against a bucket that has been made public. Encrypting with a KMS key (SSE-KMS) adds a second control, because the reader must also be granted kms:Decrypt on that key.
On the platform side, Amazon S3 includes native functionality to help organisations avoid misconfigurations, such as a prominent indicator in the S3 console next to each publicly accessible bucket. There is also the S3 Block Public Access feature, which allows account administrators to centrally control public access settings and so prevent drift in their security configuration. Its four settings split into two that reject new public ACLs and bucket policies (BlockPublicAcls, BlockPublicPolicy) and two that neutralise ones already in place (IgnorePublicAcls, RestrictPublicBuckets); all four should be enabled, preferably at the account level, unless a bucket is deliberately public.
AWS Config also helps: customers can enable pre-packaged managed rules that continuously check whether their AWS resources are properly configured and compliant. Two of those rules, s3-bucket-public-read-prohibited and s3-bucket-public-write-prohibited, evaluate every bucket in the account and flag any whose ACL or bucket policy allows global read or write access.
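Putting the three controls above together in code, as an added example (not code from AWS or the original article): the function below scores a single bucket's public exposure the way the S3 console indicator, Block Public Access and the s3-bucket-public-read/write-prohibited Config rules do, and also reports whether default encryption is SSE-KMS, which is the point of the encryption advice earlier. It runs offline on constructed inputs in the shapes that boto3's get_bucket_acl, get_bucket_policy (after parsing), get_public_access_block and get_bucket_encryption return; the bucket name, grants and policy are hypothetical.

```python
"""Offline posture check for one S3 bucket: public exposure and default encryption.
Added example, not code from AWS or the original article. Input shapes follow the
boto3 responses named in the lead-in; the sample inputs at the bottom are constructed."""
import json

# S3 predefined groups whose presence in an ACL grant makes the bucket public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMS = {"READ", "FULL_CONTROL"}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def acl_public_access(acl):
    """Return the subset of {'read', 'write'} the ACL grants to everyone."""
    access = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perm = grant.get("Permission")
            if perm in READ_PERMS:
                access.add("read")
            if perm in WRITE_PERMS:
                access.add("write")
    return access


def policy_public_access(policy):
    """Return the subset of {'read', 'write'} granted by unconditional Allow statements
    with a wildcard principal. Statements carrying a Condition are treated as restricted,
    a simplification: the real Config rules reason about the condition itself."""
    access = set()
    if not policy:
        return access
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if not wildcard:
            continue
        for action in _as_list(stmt.get("Action", [])):
            act = action.lower()
            if act in ("*", "s3:*") or act.startswith(("s3:get", "s3:list")):
                access.add("read")
            if act in ("*", "s3:*") or act.startswith(("s3:put", "s3:delete")):
                access.add("write")
    return access


def assess_bucket(name, acl, policy, public_access_block, encryption):
    """Return a list of findings for the bucket; an empty list means nothing to fix."""
    pab = public_access_block or {}
    findings = []
    # IgnorePublicAcls neutralises existing public ACL grants and RestrictPublicBuckets
    # neutralises public bucket policies; the two Block* settings only reject new ones.
    effective = set()
    if not pab.get("IgnorePublicAcls"):
        effective |= acl_public_access(acl)
    if not pab.get("RestrictPublicBuckets"):
        effective |= policy_public_access(policy)
    for kind in sorted(effective):
        findings.append(f"{name}: public {kind} access")
    if not all(pab.get(key) for key in PAB_KEYS):
        findings.append(f"{name}: Block Public Access not fully enabled")
    # SSE-S3 (AES256) decrypts transparently for anyone who can read the object, so only
    # SSE-KMS adds a second control (the reader also needs kms:Decrypt on the key).
    algo = None
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if rules:
        algo = rules[0].get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
    if algo != "aws:kms":
        findings.append(f"{name}: default encryption is {algo or 'not configured'}, not SSE-KMS")
    return findings


# Constructed sample inputs for a hypothetical bucket (not real data).
SAMPLE_ACL = {"Owner": {"ID": "owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                          '"Principal": "*", "Action": "s3:PutObject", '
                          '"Resource": "arn:aws:s3:::example-bucket/*"}]}')
PAB_OFF = {key: False for key in PAB_KEYS}
PAB_ON = {key: True for key in PAB_KEYS}
ENC_SSE_S3 = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

if __name__ == "__main__":
    for pab in (PAB_OFF, PAB_ON):
        print(assess_bucket("example-bucket", SAMPLE_ACL, SAMPLE_POLICY, pab, ENC_SSE_S3))
```

Run against the sample, the bucket is reported as publicly readable (ACL) and writable (policy) while Block Public Access is off; with all four settings on, both disappear and only the SSE-S3 finding remains, which is exactly the "existing grants are neutralised" behaviour worth verifying before relying on it.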
With AWS CloudTrail, IT teams can log, monitor and retain account activity related to actions across AWS infrastructure, simplifying security analysis and troubleshooting. CloudTrail records management events for every AWS account by default, but that default Event history only covers the last 90 days; to retain logs longer, deliver them to an S3 bucket, or capture S3 object-level (data) events, a trail has to be created and configured.
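An added example (not from the article or AWS) of the kind of security analysis CloudTrail enables: a few detections run over the records in a trail's log files, modelled on the metric filters the CIS AWS Foundations Benchmark recommends (root account usage, console login without MFA, trail tampering, S3 public-exposure changes). The records are constructed for the example; field names follow the CloudTrail record format, but the requestParameters shape varies per API, so the ACL and policy checks are substring matches on the serialised parameters, which is an assumption about how the grant is recorded.

```python
"""Rule-based triage of CloudTrail records for log tampering, root/MFA misuse and S3 exposure.
Added example, not from the article or AWS; the sample records below are constructed."""
import json

PUBLIC_GROUP_MARKERS = ("global/AllUsers", "global/AuthenticatedUsers")
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
PAB_EVENTS = {"DeletePublicAccessBlock", "PutPublicAccessBlock"}


def _actor(rec):
    ident = rec.get("userIdentity", {})
    return ident.get("arn") or ident.get("type", "unknown")


def rule_root_activity(rec):
    if rec.get("userIdentity", {}).get("type") == "Root":
        return "high", "root account used: " + rec.get("eventName", "?")


def rule_console_login_no_mfa(rec):
    if (rec.get("eventName") == "ConsoleLogin"
            and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
        return "medium", "console login without MFA"


def rule_trail_tampering(rec):
    if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
            and rec.get("eventName") in TRAIL_TAMPER_EVENTS):
        return "high", "CloudTrail configuration changed: " + rec["eventName"]


def rule_s3_exposure(rec):
    """Assumption: the group URI / wildcard principal survives verbatim in requestParameters,
    so a substring match on the serialised parameters is enough to spot the grant."""
    if rec.get("eventSource") != "s3.amazonaws.com":
        return None
    name = rec.get("eventName")
    params = rec.get("requestParameters") or {}
    bucket = params.get("bucketName", "?")
    blob = json.dumps(params)
    if name == "PutBucketAcl" and any(m in blob for m in PUBLIC_GROUP_MARKERS):
        return "high", f"public ACL grant on bucket {bucket}"
    if name == "PutBucketPolicy" and ('"Principal": "*"' in blob or '"AWS": "*"' in blob):
        return "high", f"bucket policy with wildcard principal on {bucket}"
    if name in PAB_EVENTS:
        return "medium", f"Block Public Access changed on {bucket}"
    return None


RULES = (rule_root_activity, rule_trail_tampering, rule_s3_exposure, rule_console_login_no_mfa)


def triage(records):
    """Run every rule over every record; one finding dict per rule hit, in input order."""
    findings = []
    for rec in records:
        for rule in RULES:
            hit = rule(rec)
            if hit:
                severity, detail = hit
                findings.append({"time": rec.get("eventTime"), "actor": _actor(rec),
                                 "source_ip": rec.get("sourceIPAddress"),
                                 "severity": severity, "detail": detail})
    return findings


# Constructed sample records (shape of a CloudTrail log file's "Records" list; not real).
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "AccessControlPolicy": {
         "AccessControlList": {"Grant": [{"Grantee": {"xsi:type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}}}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"name": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/main"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"},
     "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"}},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"[{f['severity']}] {f['time']} {f['actor']} from {f['source_ip']}: {f['detail']}")
```

The ordering of the sample is deliberate: a user makes a bucket public and then stops the trail from the same IP, which is the sequence a detection pipeline must catch before the StopLogging call takes effect. In production the same rules would run from a Lambda triggered by the trail's S3 delivery, or as CloudWatch Logs metric filters.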
Amazon Macie is a security service that uses machine learning to automatically discover, classify and protect sensitive data in AWS. This fully-managed service monitors data access activity for anomalies and generates detailed alerts of unauthorised access or inadvertent data leaks – such as sensitive data that a customer has accidentally made externally accessible.
AWS also offers Amazon GuardDuty, a threat detection service that continuously monitors for malicious activity and unauthorised behaviour. In the cloud, collecting and aggregating account and network activity is simple, but continuously analysing that event log data for potential threats is time-consuming for a security team. GuardDuty is a cost-effective option for continuous threat detection: it applies machine learning, anomaly detection and integrated threat intelligence to identify and prioritise potential threats.
GuardDuty analyses tens of billions of events across multiple AWS data sources (CloudTrail management events, VPC Flow Logs and DNS logs) and is enabled per account and region with no software or hardware to deploy or maintain. Findings are published to Amazon CloudWatch Events (now Amazon EventBridge), so they can be aggregated across multiple accounts through a GuardDuty administrator account and routed into existing event management and workflow systems.
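What the CloudWatch Events (EventBridge) integration looks like on the receiving side, as an added example that is not AWS's or the article's code: a handler that takes a GuardDuty finding in the EventBridge envelope, bands the numeric severity, pulls out the affected resource and decides whether to page someone or open a ticket. The findings are constructed, and the route names page_oncall and open_ticket are hypothetical placeholders for whatever workflow system is connected.

```python
"""Triage of a GuardDuty finding delivered as a CloudWatch Events / EventBridge event.
Added example, not AWS's or the article's code. This is the logic you would put behind
an EventBridge rule matching source "aws.guardduty" and detail-type "GuardDuty Finding";
the route names page_oncall and open_ticket are hypothetical placeholders."""


def severity_band(score):
    """GuardDuty numeric severity: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def affected_resource(resource):
    """Return (resourceType, identifier) from a finding's resource block."""
    rtype = resource.get("resourceType")
    if rtype == "Instance":
        return rtype, resource.get("instanceDetails", {}).get("instanceId")
    if rtype == "AccessKey":
        key = resource.get("accessKeyDetails", {})
        return rtype, f"{key.get('userType')}/{key.get('userName')}"
    if rtype == "S3Bucket":
        buckets = resource.get("s3BucketDetails") or [{}]
        return rtype, buckets[0].get("name")
    return rtype, None


def triage_finding(event):
    """Normalise an EventBridge-wrapped finding into an alert record, or return None
    when the event is not a GuardDuty finding (the rule should never send one, but
    a handler must not crash on it)."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    finding = event["detail"]
    band = severity_band(float(finding.get("severity", 0)))
    rtype, rid = affected_resource(finding.get("resource", {}))
    # Credential theft and backdoor findings are paged whatever the numeric severity.
    urgent = band == "HIGH" or finding.get("type", "").startswith(("UnauthorizedAccess:", "Backdoor:"))
    return {
        "finding_id": finding.get("id"),
        "account": event.get("account"),
        "region": event.get("region"),
        "type": finding.get("type"),
        "severity": band,
        "resource": f"{rtype}:{rid}",
        "count": finding.get("service", {}).get("count"),
        "route": "page_oncall" if urgent else "open_ticket",
    }


def lambda_handler(event, context):
    """Entry point when deployed as the Lambda target of the EventBridge rule.
    Dispatching the alert (SNS publish, ticket API call) is left to the caller."""
    return triage_finding(event)


# Constructed sample events in the EventBridge envelope (not real findings).
SAMPLE_EXFIL = {
    "version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "account": "123456789012", "region": "eu-west-1",
    "detail": {"id": "finding-exfil-1", "severity": 8,
               "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
               "resource": {"resourceType": "AccessKey",
                            "accessKeyDetails": {"userType": "AssumedRole", "userName": "app-role"}},
               "service": {"serviceName": "guardduty", "count": 3}},
}
SAMPLE_RECON = {
    "version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "account": "123456789012", "region": "eu-west-1",
    "detail": {"id": "finding-recon-1", "severity": 2,
               "type": "Recon:EC2/PortProbeUnprotectedPort",
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0abc123def456789"}},
               "service": {"serviceName": "guardduty", "count": 12}},
}

if __name__ == "__main__":
    for ev in (SAMPLE_EXFIL, SAMPLE_RECON):
        print(lambda_handler(ev, None))
```

Note the `count` field: GuardDuty re-emits an updated finding rather than a new one when the same activity repeats, so a consumer should key tickets on `finding_id` and update the count instead of opening a duplicate.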
Any other tips for securing AWS you would like to share?