Ten tips for better AWS cyber security
Amazon Web Services (AWS) offers a huge variety of benefits for businesses, and organisations are increasingly opting for cloud solutions for their data, website, and applications. However, there are still some businesses using AWS that have not put the proper cyber security controls in place. Here we take a look at ten great tips to improve your AWS cyber security.
- Understand your responsibilities
When you work with any kind of web services provider you need to understand what you are responsible for and what will be managed by the provider. This is absolutely true in terms of AWS – where Amazon runs its so-called ‘shared responsibility model’. In this model AWS is responsible for protecting the infrastructure of the AWS cloud system including hardware, software, and networking.
On the other hand, you as the customer are responsible for customer data, identity and access management, firewall and anti-virus configuration, and issues such as data encryption. It can sometimes be necessary to work with outside agencies to manage your own cyber security.
- Ensure you have a coherent strategy in place
There is often a debate regarding cyber security: should you put controls in place to protect your business first and then update the system as necessary, or should you prioritise establishing a coherent strategy first, before investing in expensive services and tools? You might assume that you need to put defences in place immediately, regardless of whether they are right for your business, but in fact this can often be expensive and difficult to change at a later date.
In the majority of cases it is important to put a strategy in place first. With the complex requirements of modern cyber security, you need to understand the needs of your operation before you commit to services.
- Use a secure password policy
You need to ensure that your users are protecting themselves with strong passwords. You should put a secure password policy in place. This means not only that passwords have specific requirements (such as: at least 8 characters; numbers, letters and symbols used; etc.) but also that passwords must be updated periodically and must differ from previously used passwords.
The policy needs to be configured in the settings of your system so that users have no option but to follow it.
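An added example (not part of the original article) that checks an IAM account password policy against the requirements listed in this tip. The sample policy is constructed, and the 90-day rotation threshold is an assumption, since the tip only says "periodically".

```python
import json

# Constructed sample, shaped like `aws iam get-account-password-policy` output.
SAMPLE_POLICY_JSON = """
{"PasswordPolicy": {
  "MinimumPasswordLength": 6,
  "RequireSymbols": false,
  "RequireNumbers": true,
  "RequireUppercaseCharacters": true,
  "RequireLowercaseCharacters": true,
  "AllowUsersToChangePassword": true,
  "ExpirePasswords": false
}}
"""

MIN_LENGTH = 8       # from the tip above
MAX_AGE_DAYS = 90    # assumption: "periodically" taken as every 90 days

def audit_password_policy(doc):
    """Return a list of findings; an empty list means the policy passes."""
    policy = doc.get("PasswordPolicy")
    if policy is None:
        return ["no account password policy is set"]
    findings = []
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"minimum length below {MIN_LENGTH}")
    for key, label in (("RequireNumbers", "numbers"),
                       ("RequireSymbols", "symbols"),
                       ("RequireUppercaseCharacters", "uppercase letters"),
                       ("RequireLowercaseCharacters", "lowercase letters")):
        if not policy.get(key, False):
            findings.append(f"{label} not required")
    # MaxPasswordAge is missing (or 0) when passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    if age == 0 or age > MAX_AGE_DAYS:
        findings.append(f"passwords not rotated within {MAX_AGE_DAYS} days")
    # PasswordReusePrevention is missing when old passwords may be reused.
    if policy.get("PasswordReusePrevention", 0) < 1:
        findings.append("previously used passwords can be reused")
    return findings

if __name__ == "__main__":
    for finding in audit_password_policy(json.loads(SAMPLE_POLICY_JSON)):
        print("FAIL:", finding)
```

A failing policy is corrected with `aws iam update-account-password-policy`, which takes the same settings as flags.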
- Clearly define users’ roles
One major cyber security issue can occur in AWS if a business fails to define and set user roles. If all users have the same permissions and can access the whole of the system then your company is at serious risk if just one of them is compromised by cybercriminals.
You can easily manage user roles in your AWS account, ensuring that staff only have access to the data and files that they need in order to do their job. Of course, it is also important to regularly re-assess accounts to be sure that individuals do not have access to information across the whole of the system.
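An added example (not from the original article) of the re-assessment described above: it scans IAM policy documents for Allow statements that grant wildcard actions on every resource. The policy names and bucket ARN are hypothetical, and the sample documents are constructed.

```python
# Constructed sample documents; policy names and bucket ARN are hypothetical.
SAMPLE_POLICIES = {
    "everyone-admin": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "s3-anything": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    },
    "finance-reports-read": {
        "Version": "2012-10-17",
        "Statement": {  # a single statement object is valid, not only a list
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-finance-reports",
                         "arn:aws:s3:::example-finance-reports/*"],
        },
    },
}

def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (index, reason) for each Allow statement that is not scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # Allow + NotAction/NotResource grants everything except what is listed.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow with NotAction/NotResource"))
            continue
        wild = [a for a in as_list(stmt.get("Action", []))
                if a == "*" or a.endswith(":*")]
        if wild and "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, f"{', '.join(wild)} on all resources"))
    return findings

def audit(policies):
    """Map policy name -> findings, for policies with at least one finding."""
    results = {name: broad_statements(doc) for name, doc in policies.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_POLICIES).items():
        print(name, found)
```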
- Opt for a managed service if you require technical expertise
If you want to use AWS services for their many benefits but you are concerned that you do not have the kind of in-house technical expertise required to do so successfully, it can be a great idea to use a managed service. AWS specialists, Wirehive, say:
“There’s no doubt that managed AWS solutions can be extremely powerful and valuable for businesses. However, with the range of tools and options available to AWS businesses, day-to-day infrastructure management activities of the service can be demanding and complicated, taking significant expertise and resources away from more profitable tasks.”
You can work with companies offering a wide range of options to suit your needs, whether you are looking for 24/7 support and the whole system managed for you, or you just need expertise on specific issues.
- Put written procedures in place
It is a great idea to ensure that you have your cyber security procedures written up so that they can be accessed by anyone in the company. It is important to have a documented record of plans so that staff are ready to implement them.
- Include security at all layers
Yes, it is important to have cyber security solutions such as firewalls and anti-virus software, but they are no longer enough to keep your business secure. When you work with AWS it is important to provide cyber security solutions for all layers of your business. This means everything from endpoint security measures to integrated SIEM services.
Once again, it is important to note here that if you do not take expert advice on the right sort of security services that you need, you can end up spending a large part of your budget on services that aren’t really doing anything for you.
- Encrypt sensitive data
AWS encourages its users to encrypt their data, and even offers you the option to encrypt with the click of a button using its native encryption. However, you may prefer to implement your own encryption to ensure that you are protected to your own standards.
Additionally, it should be pointed out that encrypting data will not slow down your system, as some believe – it is simply an important method of securing your data.
- Never use expired certificates
It might seem like common sense, but it is still a problem for some AWS users. You should not be using expired SSL/TLS certificates – they may not be compatible with AWS services anymore, and this can create a whole range of issues.
- Back up everything
AWS offers backup solutions, and they really are worth considering. Every organisation needs to ensure that its data is backed up in case of either a ransomware-style cyber-attack or some other major issue.