Editor's note: For AWS infrastructure security, your main concerns should not be the cloud system vulnerabilities, but your account security achieved through the proper configuration of AWS services. Read on to learn about typical AWS security issues and how to address them. Turn to ScienceSoft’s managed AWS services to set up a proactive approach to AWS security.
At ScienceSoft, we believe that the right approach to AWS security is to establish proper identity and access management by setting up appropriate permissions for every user and performing further AWS configurations. Learn about AWS security weak spots and how to prevent potential security breaches of your AWS account as you read our article.
AWS security issues: improper configuration and access control
A recent global Cloud Security Report released by Check Point and Cybersecurity Insiders shows that the top cloud security threats are unauthorized cloud access (42%), insecure interfaces (42%), misconfiguration of the cloud platform (40%), and account hijacking (39%).
As you can see, companies who use the AWS cloud infrastructure may rely on the cloud service provider for data and application security and should focus more on strong access control and proper configuration of AWS services*.
We usually find the most security issues in these 3 weak spots of our client’s AWS infrastructure configuration:
- AWS Firewall Manager.
- Identity and access management (IAM) controls.
- Logging and monitoring tools (Amazon GuardDuty, CloudWatch, and CloudTrail used to implement an efficient SIEM solution as part of a comprehensive AWS monitoring approach).
These AWS infrastructure components may have the following typical misconfigurations:
- Disabled multi-factor authentication for AWS services.
- Amazon CloudTrail not configured to log API call history of key AWS services.
- Wide-range permissions for S3 buckets, public cloud storage resources.
- IAM accounts set up as a single point of access to multiple resources.
- Broad access ranges for AWS Security Groups.
- Startup and configuration scripts containing authorization info.
- Public AWS AMIs (Amazon Machine Image) containing proprietary or sensitive data.
- Machine state snapshots placed in public storage.
How to effectively locate security vulnerabilities
To locate vulnerabilities and assess the AWS infrastructure’s level of security, ScienceSoft practices penetration testing. Let’s illustrate the effectiveness of penetration testing and the importance of proper AWS configuration with one of our cases. While checking our client’s AWS-hosted website for vulnerabilities, our team revealed a serious security flaw.
We started penetration testing with an initial firewall setup check (sending requests to various resources to reveal loopholes) which came out with no issues. Then, using one of the scripts, ScienceSoft cybersecurity experts were able to obtain access to archived data snapshots and extracted our client’s valuable customer data. This vulnerability was successfully patched after it was discovered.
How to ensure AWS security
Keeping your AWS system’s configuration and access management in control could be quite challenging, especially when you are running on the complex AWS infrastructure with a multitude of resources and cloud services used. To help you locate and uncover security vulnerabilities, ScienceSoft is ready to conduct penetration testing as part of our security testing services.
Even though uncovering existing vulnerabilities is a healthy practice, it’s better to have a comprehensive approach to AWS security. By taking advantage of ScienceSoft’s AWS managed services, you will be able to anticipate and prevent potential security issues.
*All AWS Marks are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Want to stay technologically advanced and still focused on your core business activities? We are ready to help you manage your complex IT environment.