Table of Contents
Cloud Security Blog Posts
Best Practices for Privilege Management in AWS
Could what happened at Capital One happen at your organization? That depends on your commitment to cloud security. This breach could happen to any organization that’s not educated on AWS vulnerabilities and best practices. We’ve talked about how security misconfigurations played a role in Capital One’s breach, but now let’s discuss how privilege management contributed to this successful hack.
Best Practices for Configuring Your AWS Perimeter
Could what happened at Capital One happen at your organization? As a business owner, stakeholder, or member of the IT staff, that’s the unavoidable fear that appears when you hear about the latest data breach. The Capital One data breach is one of the most damaging data breaches of 2019, and we’ll continue to learn about the repercussions for months to come. This data breach impacts 100 million individuals in the United States and 6 million in Canada.
Most importantly – we know that this breach could happen to any organization that’s not educated on how to properly configure its perimeter security groups. Let’s discuss web application firewalls (WAF), Server-Side Request Forgery (SSRF) attacks, metadata, and how a misconfiguration could lead to a compromised AWS environment and stolen data.
AWS Security for S3 and EC2
AWS brings new opportunities for businesses to innovate, build, and grow – but what about the data in the cloud? Is it protected? How likely is it to be compromised? The 2019 Cloud Adoption and Risk Report from McAfee reports that the sharing of sensitive data in the cloud is increasing 53% year-over-year. The average enterprise generates over 3 billion events every month in the cloud and uses 1,935 different cloud services, giving malicious attackers ample opportunity to find, steal, and sell the data you are responsible for.
This means that organizations must do everything in their power to implement AWS security and safeguard personal information. Where should you begin? Let’s discuss some of the basic security practices for S3 and EC2. These are extremely complicated subjects, but let’s make a starting point for your AWS security strategy with the following best practices.
The Dangers of Remote Cloud Audits
A major area of risk that we’ve recognized is remote cloud audits. We hear many organizations indicate that because they are a cloud-based organization, they do not want or need onsite assessments, but we want to help them avoid this attitude. Let’s be clear: it’s completely inaccurate to say that everything is in the cloud. Why? Let’s find out.
5 Best Practices for Cloud Security
How has the cloud impacted your organization’s security? Has it left you wondering – what consequences could we face if a malicious outsider gained access to our cloud environment? Would our clients stay loyal to us if our database was compromised? What can we do to implement cloud security?
Our five best practices for cloud security, especially in Azure and AWS environments, include areas of IAM, MFA, hardening techniques, monitoring programs, and industry-accepted cloud security tools. These best practices for cloud security work together and sometimes overlap to give your cloud environment the protection that it needs.
Who’s Responsible for Cloud Security?
As more and more organizations migrate to the cloud, it drives cloud service customers to consider how the cloud will impact their privacy, security, and compliance. First, cloud service customers must understand how their cloud service provider delivers a secure solution. Second, cloud service customers must consider their new role in cloud security. Some cloud service customers mistakenly believe that when they migrate to the cloud, their cloud security responsibilities also shift.
Who’s responsible for cloud security? Why do you even need security in the cloud? Let’s discuss the shared responsibility model and help you understand which elements of cloud security customers are responsible for and which fall under the responsibility of the provider.
12 Risks You Need to Know to Secure Your Cloud Environment
Advancements in cloud technology have completely changed the way organizations use, store, process, and share data, applications, and software. Cloud environments tend to be more cost-efficient and time-efficient…so why wouldn’t you put your data in the cloud?
Because so many organizations are putting so much sensitive data into cloud environments, they have inevitably become targets for malicious attackers. New security vulnerabilities are consistently being discovered and, in a vicious cycle, traditional security vulnerabilities still show up in cloud environments. In response to the ever-growing threat landscape, the Cloud Security Alliance (CSA) has created industry-wide standards for cloud security.
Their report, “The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights,” arms cloud users and cloud providers with guidance on risk mitigation for their cloud strategies. Based on research from the CSA Top Threats Working Group, the CSA determined the following 12 risks for cloud security to be the most critical issues.
Who Should Perform Your Cloud Audit?
The evolution of the cloud presents new security issues every day. As more and more organizations migrate user data to the cloud, it drives both cloud service customers and providers to consider how the cloud will impact the privacy and security of data. How does your organization secure its cloud environment? Just like any type of technology or IT operation, the security of your service needs to be validated by a third party. Who should perform your cloud audit? Someone who understands cloud computing and technology, not just an average auditor.