10 AWS security blunders and how to avoid them

Amazon Web Services is easy to work with -- but a single mistake can easily compromise your environment

The cloud has made it dead simple to quickly spin up a new server without waiting for IT. But the ease of deploying new servers -- and the democratic nature of cloud management -- can be a security nightmare, as a simple configuration error or administrative mistake can compromise the security of your organization's entire cloud environment.

With sensitive data increasingly heading to the cloud, how your organization secures its instances and overall cloud infrastructure is of paramount importance. Cloud providers, like Amazon, secure the server hardware your instances run on, but the security of the cloud infrastructure your organization sets up on top of it is all on you. A broad array of built-in security services and third-party tools is available to secure practically any workload, but you have to know how to use them. And it all starts with proper configuration.

Analysis of real-world Amazon Web Services usage doesn’t paint a pretty picture. Cloud security company Saviynt recently found among its customers an average of 1,150 misconfigurations in Elastic Compute Cloud (EC2) instances per AWS account. It’s clear that the ease of spinning up EC2 instances for development and testing is coming at the expense of security controls that would otherwise be in place to protect on-premises servers. AWS admins need to use available tools properly to ensure the security of their environments.

Here we survey some of the most common configuration mistakes administrators make with AWS.

Mistake 1: Not knowing who is in charge of security

When working with a cloud provider, security is a shared responsibility. Unfortunately, many admins don’t know which security controls AWS takes care of and which they themselves have to apply. With AWS, you can’t assume that default configurations are appropriate for your workloads, so you have to actively check and manage those settings.

“It’s a straightforward concept, but nuanced in execution,” says Mark Nunnikhoven, vice president of cloud research at Trend Micro. “The trick is figuring out which responsibility is which.”

Copyright © 2016 IDG Communications, Inc.
