Amazon Web Services (AWS) is the most widely used cloud platform on the market today. As more organizations migrate to the cloud for performance, cost, or reliability, the security of that cloud environment must be configured, tested, and kept under review to reduce the attack surface and the likelihood of a breach.
Auditing and testing for security best practices
Our testing is developed and tailored for each client's environment. For AWS, we take a deeper dive into Identity and Access Management (IAM), EC2, VPC, S3 storage, Elastic Load Balancing, DynamoDB, CloudTrail, logging and auditing, Simple Notification Service, and Relational Database Service, among others. Some of the general areas we look for and analyze include:
- OWASP: Most of the vulnerability classes in the OWASP lists still apply to applications hosted in the cloud. Cross-site scripting and SQL injection, for example, work the same against an application running on EC2 as against one on premises, so the underlying code still has to be secure. A Web Application Firewall can be added as a compensating control, but it is not a substitute for fixing the code.
- Amazon Inspector: AWS provides Amazon Inspector, a managed vulnerability scanner that can be used to find outdated packages and known CVEs on EC2 instances and container images, and to flag unintended network exposure. It does not test application logic, so it complements rather than replaces an application assessment.
- S3 Buckets: Object storage in the form of S3 buckets should be analyzed for information leakage through publicly readable buckets, and for tampering or privilege escalation through publicly writable buckets or overly permissive bucket policies. Whether S3 Block Public Access is enabled at the account and bucket level is part of this check.
- Service Accounts: Service accounts (IAM roles and users with access keys) must follow the principle of least privilege; they should be granted only the permissions their function requires. An over-permissioned service account is a common starting point for privilege escalation.
- Optimizing Configurations: As with on-premises systems, a strong password policy should be enforced for IAM console users and for any service that still accepts passwords; SSH on instances should be restricted to key-based authentication with password login disabled. End-of-life software must be identified and removed, or at least isolated where removal is not yet possible.
- IAM: Permissions that allow privilege escalation (for example iam:CreatePolicyVersion, iam:AttachUserPolicy, or iam:PassRole combined with the ability to create compute that uses the passed role) need to be avoided or tightly scoped, and all permissions should be granted on the principle of least privilege.
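The S3 and IAM checks above can be partly automated offline once the policy documents have been exported. The following Python script is an added example written for this page, not a tool from the original article or from AWS: it inspects an IAM policy for known privilege-escalation permissions (including ones hidden behind `iam:*` or `*` wildcards) and a bucket policy for statements open to any principal. The two sample policies, the bucket names, and the account ID are constructed for the example; the list of escalation permissions is a well-known subset, not a complete one.

```python
"""Offline checks for privilege-escalation permissions in an IAM policy and
public-principal statements in an S3 bucket policy (added example)."""
import fnmatch

# Well-known IAM permissions that let a principal raise its own privileges,
# alone or in combination. Subset for illustration, not an exhaustive list.
PRIVESC_ACTIONS = {
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole", "sts:AssumeRole",
}


def _as_list(value):
    """Policy JSON allows a string or a list in most positions; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allowed_actions(policy):
    """Yield (action, resource) pairs from every Allow statement."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                yield action, resource


def find_privesc_actions(policy):
    """Return the known escalation permissions an IAM policy grants.
    Action names are case-insensitive, and wildcards such as 'iam:*' or '*'
    are expanded against PRIVESC_ACTIONS with fnmatch-style matching."""
    found = set()
    for action, _resource in _allowed_actions(policy):
        for known in PRIVESC_ACTIONS:
            if fnmatch.fnmatchcase(known.lower(), action.lower()):
                found.add(known)
    return sorted(found)


def has_wildcard_grant(policy):
    """True if any Allow statement is Action '*' on Resource '*'."""
    return any(a == "*" and r == "*" for a, r in _allowed_actions(policy))


def _is_public_principal(principal):
    """Principal '*' or {'AWS': '*'} means anyone, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_bucket_statements(bucket_policy):
    """Return the Sid (or index) of each Allow statement open to everyone and
    not narrowed by a Condition. Conditioned statements are reported separately
    in a real audit; here they are skipped to keep the signal clear."""
    public = []
    for i, stmt in enumerate(_as_list(bucket_policy.get("Statement"))):
        if (stmt.get("Effect") == "Allow"
                and _is_public_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            public.append(stmt.get("Sid", f"statement[{i}]"))
    return public


# Constructed sample: a read-only "log reader" policy with one extra statement
# that lets the holder publish a new default version of any managed policy.
SAMPLE_IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": ["arn:aws:s3:::example-logs", "arn:aws:s3:::example-logs/*"]},
        {"Effect": "Allow", "Action": "iam:CreatePolicyVersion", "Resource": "*"},
    ],
}

# Constructed sample bucket policy: one statement grants read to everyone.
SAMPLE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-data/*"},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-data/*"},
    ],
}

if __name__ == "__main__":
    print("escalation permissions:", find_privesc_actions(SAMPLE_IAM_POLICY))
    print("full wildcard grant:", has_wildcard_grant(SAMPLE_IAM_POLICY))
    print("public bucket statements:", public_bucket_statements(SAMPLE_BUCKET_POLICY))
```

In a real assessment the inputs come from the account rather than inline constants: `aws iam get-policy-version --policy-arn ... --version-id ...` returns the IAM policy document, `aws s3api get-bucket-policy --bucket ...` returns the bucket policy, and `aws s3api get-public-access-block --bucket ...` shows whether Block Public Access would override a public statement anyway. Note that `iam:CreatePolicyVersion` on `Resource: "*"` is enough on its own for the holder to rewrite a policy attached to itself, which is why the sample flags it even though every other statement is read-only.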
Security of the cloud vs Security in the cloud
It is important to understand that responsibility for security of the cloud lies with the cloud service provider (AWS), while responsibility for security in the cloud lies with the customer or resource owner (you). What is the difference? Security of the cloud refers to the platform itself: the physical facilities, the hypervisors and networks, and the services AWS operates. Security in the cloud refers to the assets you deploy on that platform: your instances and their patch level, your IAM policies, your data and its encryption, and your network configuration. Where the line falls depends on the service; AWS patches the database engine behind a managed RDS instance, for example, but you patch the operating system of an EC2 instance. This is the shared responsibility model, and it means organizations must ensure that their side of it, security in the cloud, is tested, audited, and kept optimized.