Leveraging built-in Infrastructure-as-a-Service (IaaS) security is a good start, but only a portion of the solution according to the Amazon Web Services’ Shared Responsibility Model. While AWS provides an excellent layer of foundational security for services, their shared responsibility model is clear – “businesses are still responsible for the confidentiality, integrity, and availability of their data in the cloud.”
Source: Amazon Web Services Security Best Practices, August 2016
In this whitepaper, you’ll learn eight best practices for taking on your share of the security responsibility when moving to an AWS infrastructure.
- Common Security Model - Conventional security and compliance concepts still apply in the cloud. Leverage and extend on-premises access policies to deploy infrastructure and apps quickly and securely in the cloud.
Automate Visibility and Control - You can’t manage what you can’t see. You need complete visibility into all your systems, privileged accounts, and data both on-premises and in the AWS Cloud so you can govern and protect access.
Consolidate identities - it’s a best practice to eliminate as many EC2 Key Pairs and AWS IAM user accounts and their associated IAM Access Keys as possible in the AWS Cloud.
- Ensure Accountability - Leverage existing user accounts or federate access to services and resources in AWS, and create fine-grained permissions to resources, applying them to users through groups or roles.
- Least Privilege Access - Grant users just the access they need in the AWS console, on EC2 instances, and to apps across all your platforms – AWS console, Windows, and Linux.
Just-in-Time Access and Privilege - JIT supports a least privilege model in which users don’t have always-on privileged access.
- Audit Everything - Log and monitor both authorized and unauthorized activity in EC2 instances, associating all activity to an individual and report on both privileged activity and access.
- MFA Everywhere - Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, on login and privilege elevation for EC2 instances, and when accessing enterprise apps.
Download the white paper now to learn how these best practices can streamline and simplify your move to the cloud.