In 2020, the Australian Government’s Department of Home Affairs ran a study on the impacts of cybercrime on Australian businesses. They found that during that one year, cybercrime cost Australian businesses upwards of $29 billion.
That is a lot of money that could have been better spent elsewhere - especially considering small to medium businesses were found to be particularly vulnerable, with 1 in 3 reporting to have fallen victim to a cyber-attack.
With more and more businesses adopting AWS Cloud solutions like Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) as part of their digital transformation strategy, security in the cloud has never been more important.
However, despite close attention and best intentions, some businesses still aren't as secure as they believe themselves to be.
Why is AWS security so important?
Like all cloud services, AWS comes with security risks if it is not properly secured. Security should be prioritised above all else by organisations and their AWS partner. It might sound obvious, but it's not uncommon to hold misconceptions about the state of an organisation’s security - especially if you're not a cloud security expert.
This is when cyber attacks can have their most devastating impact. Unoptimised AWS security can easily lead to serious problems like:
Breach of sensitive data. AWS accounts often contain sensitive data such as Personally Identifiable Information (PII). Failure to secure this data can leave it susceptible to unauthorized access or public exposure.
Regulation noncompliance. Many businesses are required to comply with industry-specific or government regulations on security. Insufficient account security can lead to fines or other penalties.
Increased risk of attack. Cyber-attacks are only increasing in frequency and complexity. It's become a case of when (not if) your organisation will be targeted.
Reputational damage. A data breach can severely damage the reputation of any given business.
Financial hardship. Cyber-attacks cost businesses big money in system downtime, legal fees, and data theft.
7 signs your AWS environment might not be secure
Hints at poor security can be found riddled throughout an AWS account. Regardless of where you are in your Cloud journey, it's strongly recommended you enable AWS Security Hub in all accounts and regions, which can help you discover vulnerabilities.
Here are some of the most common issues we find in new customers’ accounts.
1. Access keys are unsecured
Access keys and secrets such as database credentials are stored in plain text in code repositories.
2. Passwords are weak or compromised
Weak passwords that are easy to guess and vulnerable to brute-force attacks.
3. Ports are unsecured
Overly permissive EC2 security groups and publicly accessible databases.
4. Software and dependencies are unpatched
Out-of-date software and dependencies with known vulnerabilities.
5. Access is unrestricted
Users and machines with administrator access to all AWS services.
6. Logging and Monitoring are lacking
No tools are in place to monitor for security events and vulnerabilities.
7. No use of encryption
Data is stored in plain text and/or sent over the public internet in plain text.
The best ways to protect your AWS environment from cybercrime
If you recognise that your organisation is guilty of one or more of the above security misdemeanours, don't panic. The goal is to be aware - only then can you make the changes required to increase security. Here are a few places to start:
Adopt 'Shift Left Security'
Many customers don’t want to hear it, but security needs to start at the very beginning of the software development lifecycle - with the developers. Traditionally, security was considered a separate function that is handled after development was complete. But this approach can lead to poor-quality code that leaves your application vulnerable.
With Shift Left Security, security is implemented during the software development phase, allowing security issues to be squashed as early as possible in the product’s lifecycle.
Start with your team. Shift Left Security is an understanding that security is everyone’s responsibility. Ensure developers are trained in secure coding practices.
Identify threats by scanning your code for vulnerabilities at the local, development, testing, staging and production level.
Automate. Ensure your code is deployed using a CI-CD pipeline with automated security testing.
Centralize your identity management
Ensure you are using a strong, centralised identity store for your users, that supports Multi-Factor Authentication. When a user leaves your organization, you remove them from the identity store, revoking access to all systems.
Use the Principle of Least Privilege
Users and systems should only have enough privileges to perform their specific functions. Nothing more, nothing less.
Eliminate long-term credentials
Long-lived credentials (such as IAM user access keys) can become compromised. Wherever possible, use temporary access keys for humans, and role-based access control for machines.
Monitor for security events and vulnerabilities
AWS provides native security services to protect and monitor your workloads in the cloud. At the very least, enable AWS Security Hub to identify vulnerabilities. AWS Security Hub integrates with most other AWS security services to give you a holistic view of your AWS security across multiple accounts and regions.
Encryption, encryption, encryption
Ensure data is encrypted at rest, and in transit. In many cases, you can use AWS Key Management Service (KMS) to encrypt your database and application storage without making any changes to your code. For server-based applications, you can easily encrypt data in transit using AWS Certificate Manager and AWS Load Balancing.
Operate at a distance
Keep people away from your data, to reduce the risk of mishandling sensitive information. This means removing direct access to infrastructure such as databases and application instances and allowing engineers to only deploy using predefined pipelines.
Patch your software
Have a process (manual or automated) in place to update software and software dependencies. You can automate the patching process using AWS Systems Manager Patch Baselines. Be sure not to neglect your application code dependencies, which are just as important. As you go, track your abilities in your application code dependencies and patch them. A popular tool to achieve this is GitHub’s Dependabot.
Prepare for security incidents
Talk to your team about security events. What do you do in the event of a security attack on your AWS workload? Ensure you have comprehensive processes and guidelines documented, that your team can follow during such events.
Most importantly, ensure you have the knowledge
Securing your AWS environment against cyber-attacks may seem daunting (because let’s face it, it is). This is why the number one recommendation is to ensure that you have the expertise on hand to mitigate cloud environment security risks.
PolarSeven is an Advanced Tier AWS Consulting Partner with experience in helping customers secure workloads on AWS and protect against cybersecurity threats. We use a combination of AWS-native tools to monitor your accounts and workloads to proactively protect them.
If you would like to learn more about how PolarSeven can help with AWS security, contact us here.
Author - Mark Harris. Mark is a Lead Cloud Engineer at PolarSeven – with a passion for creating robust, reliable and elegant solutions for those in the AWS space.