Increase Security in Your AWS Environment
Together, we’re better. Centrify has teamed up with Amazon Web Services (AWS) to unlock the synergies of both companies’ solutions.
Leveraging built-in Infrastructure-as-a-Service (IaaS) security is a good start, but even cloud service provider AWS recommends extending their security best practices. While AWS provides an excellent layer of foundational security for services, their shared responsibility model is clear — “businesses are still responsible for the confidentiality, integrity, and availability of their data in the cloud.”
Centrify’s Cloud Provider solution augments AWS’ built-in security to assure you’re automating secure privileged access in your cloud environment.
Eight Best Practices for Increasing Security in AWS
Common Security Model
Security and compliance concepts apply equally to human and machine identities in the cloud and on-prem. Consistently enforce access policies across hybrid infrastructure to avoid security gaps.
Automate Visibility and Control
Automate visibility and control over privileged access for dynamic infrastructure including AWS Elastic Compute Cloud (EC2) instances with continuous discovery and enrollment of systems.
Minimize attack points by leveraging cloud directories such as Google’s, LDAP, or Active Directory, for authentication versus creating and managing EC2 key pairs and AWS access keys.
Leverage existing user accounts or federate access to services and resources in AWS. Create fine-grained permissions to resources and apply them to users through groups or roles.
Enforce zero standing privilege security by requiring admins request privilege when they need it, receive workflow-based approval, and have temporary privilege to the AWS console and on EC2 instances.
Least Privilege Access
Grant users just the access they need in the AWS console and on EC2 instances. Implement cross-platform privilege management for AWS console, Windows and Linux.
Log and monitor both authorized and unauthorized activity in EC2 instances. Associate all activity to an individual and report on both privileged activity and access.
Thwart in-progress attacks in AWS. Consistently implement MFA for AWS service management, on login and privilege elevation for EC2 instances.
Let Centrify help you apply these best practices to your AWS environments:
AWS Shared Responsibility Model
AWS and the AWS customer share responsibility for security.
AWS provides robust security for infrastructure and services as their part of the AWS shared responsibility model.
Securing operating systems, platforms and data remain the responsibility of the AWS customer, and Centrify can help.
Govern Privileged Access for AWS Management Service
Vault the password for the AWS root account, rotate the password, and enforce MFA for break-glass access.
Eliminate identity sprawl with federated access to the AWS management service either through the console, or leveraging Python or PowerShell and the AWS CLI.
Secure AWS management services by requiring admins to request access, provide identity assurance through MFA, and receive approvals for temporary access.
Leverage any directory service to control AWS role assignment and grant just enough privilege.
Govern Privileged Access for EC2 Instances
Continuously discover and enroll systems in Centrify Platform to establish trust and machine identities. Automate privileged access security policy enforcement across infrastructures, VPCs, and subnets.
Strengthen identity assurance leveraging MFA everywhere and enterprise directories for authentication versus shared EC2 key pairs; without replicating identities or identity infrastructure.
Minimize attack surface by securing shared accounts and remote access, granting least privilege just-in-time, and auditing all activity across Windows, Linux, and UNIX.
Grant apps secure access to vaulted credentials leveraging machine identities versus new service accounts. Eliminate the use of passwords in apps with short-lived tokens and federation.
Want to Learn More About How to Increase Security
in AWS Environments with Centrify?
Amazon Web Services Environments
Centrify partners with Amazon Web Services to provide a comprehensive set of integrated solutions.
5 Myths about Privileged Access Management for AWS
Download this eBook and start debunking the 5 myths about privileged access management for AWS.