Make sure to regularly rotate the keys. RedLock found 63 percent of access keys were not rotated in over 90 days. This gives attackers time to intercept compromised keys and infiltrate cloud environments as privileged users.
Don't use the root user account, not even for administrative tasks. Use the root user to create a new user with assigned privileges. Lock down the root account (perhaps by adding multi-factor authentication) and use it only for very specific account and service management tasks. For everything else, provision users with the appropriate permissions.
Check user accounts to find those which are not being used and disable them. If no one is using those accounts, there is no reason to give attackers potential paths to compromise.
5. Security hygiene still matters
Defense-in-depth is particularly important when securing cloud environments because it ensures that even if one control fails, there are other security features keeping the application, network, and data safe.
Multi-factor authentication (MFA) provides an extra layer of protection on top of the username and password, making it harder for attackers to break in. MFA should be enabled to restrict access to the management consoles, dashboards, and privileged accounts. RedLock found that 58 percent of root accounts do not have multi-factor authentication enabled. ThreatStack found that 62 percent of organizations had at least one AWS user without multi-factor authentication enabled.
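The checks above (keys not rotated in 90 days, unused accounts, root account use, and missing MFA) can all be run against one artifact: the IAM credential report that AWS produces for an account. The script below is an added example, not code from the article or from RedLock or ThreatStack. It assumes a CSV in the layout of that report (only a subset of its columns is used) and uses a constructed sample with placeholder account ids and a fixed "now" so the findings are reproducible.

```python
import csv
import io
from datetime import datetime, timezone

# Fixed reference time so the constructed sample below produces stable findings.
NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)

# Constructed sample in the layout of an IAM credential report (subset of columns).
# Account id 123456789012 and the user names are placeholders.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2016-01-10T09:00:00+00:00,not_supported,2018-05-20T08:12:00+00:00,false,true,2016-01-10T09:05:00+00:00,2018-05-19T14:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2017-02-01T10:00:00+00:00,true,2018-05-30T07:45:00+00:00,true,true,2018-04-15T10:00:00+00:00,2018-05-30T07:50:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2017-06-01T10:00:00+00:00,true,2018-05-29T11:00:00+00:00,false,true,2017-06-01T10:00:00+00:00,2018-05-29T11:05:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2017-09-01T10:00:00+00:00,false,no_information,false,true,2017-09-01T10:00:00+00:00,2017-11-02T03:00:00+00:00,false,N/A,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A-style markers."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_text, now=NOW, max_key_age_days=90, max_idle_days=90):
    """Return (user, finding_code, detail) tuples for the hygiene rules in the article."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa = row["mfa_active"] == "true"
        has_password = row["password_enabled"] == "true"

        # MFA: root always needs it; IAM users need it whenever console sign-in is enabled.
        if (is_root or has_password) and not mfa:
            findings.append((user, "NO_MFA", "multi-factor authentication not enabled"))

        last_activity = parse_ts(row["password_last_used"])
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            # Root should not carry long-lived API keys at all.
            if is_root:
                findings.append((user, "ROOT_ACCESS_KEY", f"root account has active access key {n}"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is None or (now - rotated).days > max_key_age_days:
                age = "unknown" if rotated is None else f"{(now - rotated).days} days"
                findings.append((user, "STALE_KEY", f"access key {n} rotation age: {age}"))
            used = parse_ts(row[f"access_key_{n}_last_used_date"])
            if used and (last_activity is None or used > last_activity):
                last_activity = used

        # Accounts with no sign-in and no key use in the window are candidates to disable.
        if not is_root and (last_activity is None or (now - last_activity).days > max_idle_days):
            findings.append((user, "INACTIVE", f"no sign-in or key use in {max_idle_days} days; disable"))
    return findings


if __name__ == "__main__":
    for user, code, detail in audit_credential_report(SAMPLE_REPORT):
        print(f"{user:16} {code:16} {detail}")
```

On the constructed sample the root account is flagged for missing MFA, an active access key, and a key never rotated; bob for missing MFA and a year-old key; ci-deploy for a stale key and no activity in 90 days; alice passes. The same function runs unchanged on a real report once the column set is present.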
6. Improve visibility
Major cloud providers all offer some level of logging tools, so make sure to turn on security logging and monitoring to see unauthorized access attempts and other issues. Amazon provides CloudTrail for auditing AWS environments, but too many organizations wind up not turning on this service. When enabled, CloudTrail maintains a history of all AWS API calls, including the identity of the API caller, the time of the call, the caller’s source IP address, the request parameters, and the response elements returned by the AWS service. It can also be used for change tracking, resource management, security analysis, and compliance audits.
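Turning CloudTrail on is only half of the value; someone has to read the history it keeps. The script below is an added example, not code from the article or from Amazon. It assumes the JSON layout of a CloudTrail log file (`{"Records": [...]}`, with the `userIdentity`, `eventTime`, `sourceIPAddress`, `requestParameters`, `responseElements` and `errorCode` fields the article names) and uses constructed records with placeholder account ids and addresses. It pulls out denied API calls, the unauthorized access attempts the paragraph mentions, groups them by caller and source address, and lists any activity by the root user.

```python
import json
from collections import Counter

# Constructed CloudTrail records in the shape of a CloudTrail log file.
# Account id 123456789012, ARNs and IP addresses are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-05-30T07:46:11Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"},
     "sourceIPAddress": "192.0.2.10", "awsRegion": "us-east-1",
     "requestParameters": {"userName": "deploy-bot"}, "responseElements": {"user": {"userName": "deploy-bot"}}},
    {"eventTime": "2018-05-30T22:03:40Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
     "sourceIPAddress": "198.51.100.7", "awsRegion": "us-east-1",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "requestParameters": None, "responseElements": None},
    {"eventTime": "2018-05-30T22:04:02Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
     "sourceIPAddress": "198.51.100.7", "awsRegion": "us-east-1",
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {}}, "responseElements": None},
    {"eventTime": "2018-05-31T09:15:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "203.0.113.9", "awsRegion": "us-east-1",
     "requestParameters": None, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2018-05-31T10:20:31Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketAcl",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
     "sourceIPAddress": "203.0.113.9", "awsRegion": "us-east-1",
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "requestParameters": {"bucketName": "finance-reports"}, "responseElements": None},
]})

# Error codes that indicate a call was refused by IAM or the service's own authorization.
DENIED_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation", "Client.UnauthorizedOperation"}


def load_records(log_text):
    """Parse a CloudTrail log file body and return its list of event records."""
    return json.loads(log_text)["Records"]


def denied_calls(records):
    """Return one summary dict per refused API call: who, from where, what, and why."""
    out = []
    for r in records:
        if r.get("errorCode") in DENIED_CODES:
            out.append({
                "time": r["eventTime"],
                "caller": r["userIdentity"].get("arn"),
                "ip": r["sourceIPAddress"],
                "event": f'{r["eventSource"]}:{r["eventName"]}',
                "error": r["errorCode"],
                "params": r.get("requestParameters"),
            })
    return out


def denied_by_source(records):
    """Count refused calls per (caller, source IP); repeated denials from one pair stand out."""
    return Counter((d["caller"], d["ip"]) for d in denied_calls(records))


def root_activity(records):
    """List event names performed with root credentials; these should be rare and expected."""
    return [r["eventName"] for r in records if r["userIdentity"].get("type") == "Root"]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for d in denied_calls(recs):
        print(f'{d["time"]} {d["caller"]} {d["ip"]} {d["event"]} {d["error"]} {d["params"]}')
    for (caller, ip), n in denied_by_source(recs).most_common():
        print(f"{n} denied call(s) from {caller} at {ip}")
    print("root activity:", root_activity(recs))
```

On the constructed records this reports three refused calls, two of them by the same user from the same address, plus a root console sign-in, which is exactly the kind of event the earlier hygiene advice says should be rare. A production version would read the gzipped log objects CloudTrail delivers rather than an inline string, but the record fields are the same.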
Don't let mistakes result in a breach
Data breaches aren't always caused by outside attackers; sensitive data can be exposed by human error, too. Mistakes--forgetting to turn on something or thinking something was done but not verifying it--can leave the door wide open for attackers. Organizations need to regularly assess the security of their cloud environments, and also that of their vendors, suppliers, and partners. As the Verizon breach showed, the third-party vendor's mistake becomes the organization's headache.
The shared security model exists for a reason--no matter who is responsible for the security of the cloud workloads, the organization is ultimately responsible for what happens to their data.