This week brought disappointing news from Code Spaces, a service provider that supported DevOps application management. Code Spaces, which was hosted in Amazon Web Services' cloud, ceased operations after suffering a distributed denial-of-service attack by a perpetrator who demanded a ransom and then began deleting data when company officials logged into their AWS account to stop the attack.
The episode raises the question: How can you prevent this from happening to your AWS cloud account?
Below are best practices to follow when using AWS's cloud, or really any IaaS cloud.
The biggest thing to remember is that when customers use the cloud, security is not inherently provided for all workloads. AWS stresses that it operates what it calls a "shared security" model: AWS provides the security of its physical data centers and the underlying platform (the virtual machines, storage and even the security features it offers), but it is up to customers to implement and configure security services on top of their AWS infrastructure.
A common way to make it harder for attackers to get into your account is to enable two-factor authentication (2FA). This requires users to present two forms of verification before logging into a system, for example a password plus a one-time code that is generated for the user and entered along with it. AWS offers a free multi-factor authentication service (AWS has more information on it here).
It's one thing to have two-factor authentication, but it's another to ensure that the private keys behind it are protected. AWS has a variety of options for this, including its Hardware Security Module (HSM) offering: an appliance that helps organizations manage their keys, and that can sit behind a customer's firewall on its own premises. Learn more about HSM here.
Making it hard for attackers to get into your cloud account is only half the job; you'll also want to verify that no unauthorized user has actually gotten in. There are a variety of options for monitoring AWS usage, including some free AWS tools and many other services that you can buy in the AWS Marketplace.
One AWS tool is CloudTrail, which the company released at its re:Invent conference last year (the offering is still in beta). It produces a log of the API calls made in a user's account, reporting all of the activity there. This data can be exported into monitoring solutions and analyzed. Read more about that from AWS here.
The idea is that you should look for abnormal behavior, such as unknown users logging in at unusual times or from unusual IP addresses. A variety of tools on the market perform these tasks as well. One, called Skyfence, is a proxy-based system that monitors AWS activity and alerts users when something out of the ordinary is happening.
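To make the last three points concrete, here is a small added example (not code from the article, AWS or Skyfence) that reads CloudTrail records and flags the kinds of activity discussed above: console logins without MFA, logins from outside a known network or outside working hours, and destructive API calls of the sort a ransom attacker issues once inside an account. The record field names (`eventTime`, `eventName`, `sourceIPAddress`, `userIdentity`, `additionalEventData.MFAUsed`) follow CloudTrail's documented record format; the sample records, the office network `203.0.113.0/24`, the working hours and the list of destructive event names are assumptions constructed for the example.

```python
import json
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample CloudTrail records (not real log data). Record shape follows
# the documented CloudTrail format: a JSON object with a "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-06-17T09:15:02Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2014-06-17T03:02:41Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2014-06-17T03:05:10Z", "eventName": "DeleteBucket",
     "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2014-06-17T10:40:00Z", "eventName": "DescribeInstances",
     "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

# Assumed site policy for this example: the office network and working hours (UTC).
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]
WORK_START, WORK_END = time(7, 0), time(20, 0)

# API calls that destroy data or capacity. A burst of these from an unfamiliar
# address is exactly the pattern a defender wants to alert on immediately.
DESTRUCTIVE_EVENTS = {"DeleteBucket", "DeleteObject", "TerminateInstances",
                      "DeleteVolume", "DeleteSnapshot", "DeleteDBInstance"}


def _in_known_network(ip):
    """True if the source address belongs to one of the known networks."""
    try:
        addr = ip_address(ip)
    except ValueError:  # e.g. "AWS Internal" or a service principal, not an IP
        return True
    return any(addr in net for net in KNOWN_NETWORKS)


def analyze_records(records):
    """Return a list of (severity, user, eventName, reason) findings."""
    findings = []
    for rec in records:
        user = rec.get("userIdentity", {}).get("userName", "<unknown>")
        name = rec.get("eventName", "")
        ip = rec.get("sourceIPAddress", "")
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

        if name == "ConsoleLogin":
            # A console login that did not use MFA means the MFA policy is not
            # enforced for this user (or the credentials were used elsewhere).
            if rec.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                findings.append(("high", user, name, "console login without MFA"))
            if not _in_known_network(ip):
                findings.append(("medium", user, name, f"login from unknown IP {ip}"))
            if not WORK_START <= when.time() <= WORK_END:
                findings.append(("medium", user, name,
                                 f"login outside working hours ({when.time()} UTC)"))
        elif name in DESTRUCTIVE_EVENTS:
            severity = "critical" if not _in_known_network(ip) else "high"
            findings.append((severity, user, name, f"destructive API call from {ip}"))
    return findings


def analyze_log(raw_json):
    """Parse a CloudTrail log file body and analyze its records."""
    return analyze_records(json.loads(raw_json)["Records"])


if __name__ == "__main__":
    for severity, user, event, reason in analyze_log(SAMPLE_LOG):
        print(f"[{severity:8}] {user:10} {event:20} {reason}")
```

Run against the constructed sample, the script reports nothing for the daytime MFA login from the office network, three findings for the 03:02 login (no MFA, unknown address, outside working hours) and a critical finding for the `DeleteBucket` call that follows it. In practice the same logic would run over CloudTrail files delivered to an S3 bucket, with the known networks and working hours taken from your own environment rather than hard-coded.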