How to Prevent Common Threats to AWS Security

BY:

Oct 17, 2018

Don’t overlook these security threats when setting up your AWS account

Once your company decides to begin to seriously invest in the cloud, it can be easy to assume that using a provider like AWS guarantees that all of your data will be safe from potential cyber-attacks. This is not always the case. AWS does have best-in-class security measures and some of the best tools and infrastructure available to manage cloud-based servers – but there is still work that needs to be done to ensure that all of your critical resources are properly protected.

Common AWS security threats to watch out for

While this list is in no way exhaustive, it should give you an idea of some of the ways that hackers are looking to gain access to an AWS account. More importantly, it explains how to go about preventing them from affecting your organization’s cloud-based data.

IAM access

One of the biggest threats to any AWS customer is user access control, or Identity and Access Management (IAM). When you initially set up an AWS account, you’ll be taken through a variety of steps to authenticate and protect your account. You should keep the information that is used to gain access restricted to a very select number of individuals who actually need this information. IAM access ultimately gives users full control over your account, so you want to be extremely careful about assigning it.

Furthermore, there are additional ways that you can segment access and functionality, such as by creating VPC networks that permit IT admins to create isolated networks that connect to a subset of your instances. This allows you to separate staging, testing, and production instances, for example.

Properly protecting your S3 data

Many organizations will utilize Amazon’s S3 cloud storage, which offers countless configuration options as well as the ability to easily collect, store, and analyze data at scale. What some AWS users do not realize is that the file permissions for S3 “buckets” need to be properly configured. It’s very possible to create an S3 bucket that is readable by anyone, which in turn can give hackers complete access to the data within that bucket. This actually happened to Verizon recently and resulted in between 6 to 14 million customer data records being affected.

To prevent this issue, be sure that your S3 buckets are properly configured so that you’re not being careless about who can see them.

Improperly configured group policies

IT admins may get lax and create loose security group policies that could expose them to hackers. Group policies are much simpler to set up than setting permissions on an individual user basis, but they’re not nearly as secure. There are a large number of bots which have been designed to probe for any security flaws. They are unmanned scripts that simply scour the Internet looking for AWS servers with security vulnerabilities. Once a vulnerable server is found, hackers then go to work attempting to steal company data.

To prevent this issue, simply close all ports when you’re first setting up your AWS instance. You can also set up your instance so that it can only be accessible by your specific IP address as an additional safeguard.

When you begin to create security groups, it’s always a good idea to create individual security groups for each of your instances. This way, you can handle each of your instances individually in the event of some type of threat.

Contact CloudHesive for a comprehensive cloud security assessment

If you’re unsure of whether your AWS instances are adequately protected, don’t hesitate to reach out to CloudHesive’s South Florida team today. We offer a variety of Managed Security as a Service offering to help you utilize the power of the cloud – safely.

Reach out to us at 800-860-2040 or through our online contact form today for more information.

Related Blogs

  • A contact center agent handling a call" alt="">
    Amazon Connect Introduces Audio Device Settings for Custom Contact Control Panel

    Amazon Connect now offers more freedom to agents in the selection of their preferred audio device setting in the Contact Control Panel — here’s how to go enable it Key Takeaways: The new audio...

    Learn More
  • This image shows a magnifying glass made up of people on a white background. This is meant to illustrate a close analysis of customers in order to serve them better." alt="">
    How to Use Amazon Contact Lens to Analyze Conversations

    Get real-time insight into customer sentiment and trends with Contact Lens for Amazon Connect Key Takeaways: Contact Lens for Amazon Connect gives contact center managers a better understanding of...

    Learn More
  • Bringing customers around the world together with an integrated contact center." alt="">
    Amazon Connect: How to Configure Contact Center Agent Settings in a Custom Contact Control Panel

    The Amazon Connect Streams API can now be used to change the visibility option on the settings page of the Contact Control Panel — bringing multiple benefits to contact center managers Key...

    Learn More