Looking back to the end of 2013 and reviewing 2014 thus far, any security professional would wonder if it is possible to navigate the security landscape successfully. Target announced a serious data breach late last year; Neiman Marcus announced its own breach at the start of this year; and eBay just recently announced a password breach issue. Add to this the same data security and privacy concerns that we had at the end of 2013, and security in 2014 is resembling a jungle, complete with hungry tigers, malaria, and poisonous spiders.
Amazon Web Services (AWS) is the world’s largest and most popular public cloud platform, appealing to organizations of all sizes. As enterprises shift applications, data, and infrastructure to AWS, they must consider how best to secure these components in a public cloud environment. Security has been simplified for customers through various mechanisms offered by Amazon and security vendors.
While end users must carefully consider the security features offered by any cloud provider under consideration, Amazon has provided resources and tools that enable end users to integrate security into its cloud infrastructures. Securing Amazon – It’s a Jungle Out There is the first brief in a two-part series that discusses the AWS platform and the controls provided to help customers secure data and infrastructure residing in the Amazon cloud. Built-in firewalls, identity and access management, key management, and custom consulting engagements with Amazon are some of the key areas discussed.
No cloud provider can ever provide perfect security, but Amazon has proven itself a solid baseline against which customers should compare other public cloud vendors. The second brief in the series will discuss the AWS Marketplace and the myriad virtual appliances available for specialized functions. For now, end users can liken Amazon’s current tools to a machete – a good start for navigating a dangerous jungle.
Follow me on Twitter (@robayoubs) to keep informed as new research is released.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.