If you have a monitoring tool in place to identify unwanted activity, the next step is making sure that the unauthorized guest cannot cause damage. The Skyfence tool's proxy system can shut down AWS accounts, add authentication credentials to access the management console and require that any changes to the AWS cloud are approved by authorized users. In the Code Spaces case, this could have prevented the hackers from deleting data in the company's AWS cloud.
There are a variety of other ways to ensure that hackers can't cause damage, even if they do get into your AWS account. One is by encrypting the information stored in AWS's cloud. AWS's marketplace has many different encryption vendors, such as SafeNet and Vormetric, that provide various encryption services. Note that AWS provides some base-level encryption for its Simple Storage Service (S3) and some other services, but that is meant to protect against mass attacks on the entire system. If a hacker gains access to a user's account, this encryption will not prevent the intruder from modifying the data.
The Code Spaces incident started off as a DDoS attack, which then spiraled into a larger breach. One way to prevent DDoS attacks is to implement a Web Application Firewall. These are available in the AWS Marketplace from companies like Barracuda and Alert Logic. These offerings can be used to monitor the traffic coming in, recognize unusual behavior like a DDoS, and block it.
A best practice for security is to back data up, says Rob Ayoub of NSS Labs, who recently wrote a paper on AWS Security best practices. Backing up data may not prevent an attack, but it could help you quickly recover from one.
Many people have a misconception that if data is stored in the cloud it will automatically be backed up. That's true for some services, but not all. AWS Elastic Block Store (EBS) and S3, for example, are highly available, meaning that AWS promises with a high degree of certainty that the data will not be lost because it is backed up within the system (though if a user gains access to the management console, this data can be modified, rendering the built-in backups useless). EC2 virtual machine instances are not automatically backed up. Research each service before using it so you know which guarantees it comes with.
The idea here is that if a hacker does gain access to an account and causes damage, the user has a backup copy of the data to revert to. Each user has to evaluate what data they want to back up. Some organizations back up everything; others only justify backing up mission-critical data. Some backups are live, meaning that the data is copied in real time. Others can be scheduled daily, weekly, monthly or at whatever interval the customer wants.