It’s almost impossible to ignore the constant drumbeat of news about the latest cloud security data breach. From the headlines, one would think breaches are basically inevitable, an unavoidable cost as businesses move to the cloud. The fact is, however, they’re not. Even more important, there are concrete steps organizations can take to substantially reduce the risk of a cloud security breach occurring at all.
The reality is that a secure cloud environment like Amazon Web Services (AWS) offers many organizations far better security than they can afford on their own. As Curt Dukes, executive vice president for Security Best Practices for the non-profit Center for Internet Security (CIS), says, “Companies with limited resources and budget should actually consider moving to the cloud to benefit from stronger security and compliance. Equipment is monitored, and access to the premises of data centers is heavily secured.”
The truth is no different for enterprise-scale organizations. Cloud is intrinsically as safe as, and, especially given today’s expanding digital threat landscape, safer and more secure than, your own on-premises data centers.
So, what, or perhaps better, who is responsible for the majority of cloud security data breaches? Well, to paraphrase a popular line of William Shakespeare’s, “the fault is not in the (clouds), it is in ourselves.” The vast majority of cloud security failures are due to misconfiguration errors. Mistakes, in short, that are made by us. These errors are not inevitable; they can be avoided relatively easily and cost-effectively. The good news is that your organization does not have to be a statistic – the latest to fall victim to a high-profile data breach and the next headline in the hacking news.
Partnering to Secure Organizations Better
Symantec and Amazon Web Services, the world’s leading public cloud provider, are trusted partners who constantly work together to help our customers improve their own cloud security practices. As part of that responsibility, we’ve developed a number of best practices, tips and solutions that address many of the root causes of cloud security failures, such as Amazon Simple Storage Service (S3) misconfiguration errors.
We’ve collected these best practices in a guide for easy reference. Central to these best practices is understanding that improving cloud security is a shared responsibility between organizations and their cloud and security vendors. That means that organizations should first ensure that they select a cloud provider, like Amazon, that they trust to offer a highly secure infrastructure. It then becomes incumbent on the organization to take the steps necessary to help secure their data and workloads running in that cloud environment.
Perhaps most important for an organization is to ensure that its cloud security solution provides automated security. It needs to be baked into the infrastructure so that it automatically monitors the organization’s data wherever it lives and goes in the cloud. The dynamic nature of cloud and modern cloud-native applications makes this a necessity. Another best practice is to adopt a Zero Trust approach to protecting workloads and securing access, one that is identity-centric and based on data classification. This makes it much easier for your organization to monitor and track data in real time and, conversely, much more difficult for hackers to infiltrate and do damage. And finally, a third best practice is to ensure that your cloud security solution addresses malware too.
Avoiding Cloud Misconfiguration Errors
Given that misconfiguration errors are the cause of the vast majority of cloud security failures, avoiding these mistakes is also a primary focus of our joint Amazon and Symantec cloud security recommendations. There are three cloud security misconfiguration errors that are the biggest to avoid because they are the source of most cloud security breaches. They are:
- Leaving default settings unchanged, creating open access for hackers to exploit.
- Open cloud storage buckets that enable bucket access permission errors.
- Stolen credentials that compromise access keys -- granting hackers full access.
To secure your Amazon cloud environment and avoid these misconfiguration errors, organizations need to correctly configure their cloud in four key areas: identity and access management, logging, monitoring, and networking. Based on our work with our customers, we have created a “Configuration Checklist” that highlights what we believe are the Top 10 most important, and easiest, steps for customers to take when moving their infrastructure to AWS.
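As an added illustration of checking for the open-bucket error listed above (this is example code, not part of the Symantec/AWS checklist), the following audit flags S3 ACL grants and bucket-policy statements that expose a bucket to any principal. It assumes inputs shaped like the S3 GetBucketAcl and GetBucketPolicy responses; the bucket names, owner ID and organization ID are constructed placeholders.

```python
import json

# ACL grantee group URIs meaning "anyone" and "any authenticated AWS user".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    if isinstance(principal, dict):          # {"AWS": "*"} form
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)        # also covers the bare "*" form

def audit_bucket(name, acl, policy_json):
    """Return findings for one bucket; an empty list means no public grant was seen."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"{name}: ACL grants {grant['Permission']} to {group}")
    for stmt in _as_list(json.loads(policy_json or "{}").get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _is_wildcard_principal(stmt.get("Principal")):
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            # A Condition may or may not narrow access; surface it for manual review.
            kind = "conditional (review)" if stmt.get("Condition") else "public"
            findings.append(f"{name}: {kind} policy grant of {actions} to any principal")
    return findings

# Constructed sample data (not from a real account).
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser",
    "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-open-bucket/*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-scoped-bucket/*",
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]})

if __name__ == "__main__":
    for args in [("example-open-bucket", OPEN_ACL, OPEN_POLICY),
                 ("example-scoped-bucket", PRIVATE_ACL, SCOPED_POLICY)]:
        print(audit_bucket(*args) or f"{args[0]}: no public grants found")
```

The check does not evaluate `NotPrincipal`, explicit `Deny` statements or account-level Block Public Access settings, so a clean result here narrows the review rather than replacing it.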
By adopting these security tips and best practices from Amazon Web Services and Symantec, you can be assured that your cloud environments are both secure and configured correctly – and not the cause of your organization becoming the latest data breach trending on Twitter and the evening news.
As an Advanced Technology Partner with Amazon Web Services, our Symantec cloud security solutions are optimized for the AWS platform and have received the highest certification from AWS: Security Infrastructure Competency. Our solutions are automated and folded into the development workflow, ensuring an added level of agile security and compliance for developers and other users. In addition, Symantec cloud security solutions protect workloads and defend against malware attacks.
Still have questions? We can help. Contact Symantec: Awsfirstname.lastname@example.org