Six Best Practices for Securing Amazon Web Services
Leveraging built-in Infrastructure-as-a-Service (IaaS) security is a good start, but only a portion of the solution according to the Amazon Web Services’ Shared Responsibility Model. While AWS provides an excellent layer of foundational security for services, their shared responsibility model is clear – “businesses are still responsible for the confidentiality, integrity, and availability of their data in the cloud.”
Source: Amazon Web Services Security Best Practices, August 2016
In this white paper, you’ll learn six best practices for taking on your share of the security responsibility when moving to an AWS infrastructure.
- Common Security Model - Conventional security and compliance concepts still apply in the cloud. Leverage and extend on-premises access polices to deploy infrastructure and apps quickly and securely in the cloud.
- Eliminate EC2 Key Pairs - Minimize attack points by leveraging Active Directory, LDAP and cloud directories such as Google’s versus creating local accounts and managing EC2 key pairs for authentication.
- Ensure Accountability - Leverage existing user accounts or federate access to services and resources in AWS, and create fine-grained permissions to resources, applying them to users through groups or roles.
- Least Privilege Access - Grant users just the access they need in the AWS console, on EC2 instances and to apps across all your platforms – AWS console, Windows and Linux.
- Audit Everything - Log and monitor both authorized and unauthorized activity in EC2 instances, associating all activity to an individual and report on both privileged activity and access.
- ·MFA Everywhere - Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, on login and privilege elevation for EC2 instances, and when accessing enterprise apps.
Download the white paper now to learn how these best practices can streamline and simplify your move to the cloud.