AWS Security Best Practices: Cloud Security Report 2020 for InfoSec
This year, many companies have made a rapid shift to the cloud in response to the enduring COVID-19 pandemic. By adopting new IaaS and PaaS solutions or expanding their existing footprints in the cloud, companies are able to support a growing work-from-anywhere workforce. However, the introduction of new cloud technologies has increased the potential for security vulnerabilities. IT security professionals are looking for AWS security best practices that unify security and decrease operational complexity across these increasingly heterogeneous and sprawling environments.
The Cybersecurity Insiders AWS Cloud Security Report 2020 is a comprehensive survey of 427 cybersecurity professionals, conducted in May of 2020. The report offers up-to-date insight into the latest trends, challenges, and solutions for cloud protection on AWS.
AWS Security Best Practices from the InfoSec Perspective
This post focuses on key report findings that matter to information security teams and covers some best practices for cloud security management. You can also download our Cloud Security Concerns & Challenges infographic for a quick view of these findings. Additionally, the following posts explore the AWS Cloud Security Report findings from the managerial and DevOps perspectives:
- AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud
- DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps
Inside the Infographic: AWS Cloud Security Concerns & Challenges
The biggest cloud security threats identified by the recent survey are nothing new. Established and well-understood vulnerabilities, including misconfiguration, insecure interfaces, and unauthorized access, topped the list. However, the move to cloud adds new layers of operational complexity. The physical separation between cloud servers and users, coupled with a rapid increase in remote workers, means security professionals must monitor hundreds, if not thousands, of connected systems and workloads while also watching their existing data center assets.
Misconfigurations are the Biggest Threat
When asked about the biggest cloud security threats, organizations ranked misconfiguration of the AWS cloud platform as the single biggest vulnerability (49%). This is followed by insecure interfaces/APIs (47%), and unauthorized access through misuse of employee credentials and lack of proper access controls (46%).
Figure: Misconfigurations, insecure interfaces, and unauthorized access are the biggest concerns
While this data is consistent with the top security mistakes identified in our whitepaper, “The Five Nastiest Security Mistakes Exposing Public Cloud Infrastructure,” it also represents an ugly truth: many IT professionals underestimate the threat of cloud misconfiguration. Through the year 2025, 99% of cloud security issues will be the customer’s fault. Adherence to AWS security best practices can eliminate the common misconfiguration mistakes that leave your data exposed, provide entry points for bad actors, or lead to malware injection and ransomware attacks.
Data Challenges in the Cloud
As more workloads move to the cloud, risks to data also increase. 63% of survey respondents expressed concern around data loss, privacy, and confidentiality in the cloud. As stated previously, misconfiguration can put cloud workloads at significant risk, including the potential for data loss. With the introduction of complex, multi-cloud architectures and rapid data growth and sprawl, organizations need pre-emptive mitigation strategies built on AWS security best practices to ensure lasting data protection.
Figure: Data loss and privacy are big cloud security concerns
The Skills Gap Continues to Grow
The rapid rate of public cloud adoption has created significant operational security headaches and compliance challenges. In the 2020 IT Skills and Salary Report, Global Knowledge indicates that cybersecurity remains the most difficult skills gap to fill for the fifth consecutive year. The AWS Cloud Security Report reflects this challenge, with 39% of respondents indicating the lack of qualified staff as their biggest operational security headache. Additionally, the staff that they do have available have difficulty maintaining visibility across their cloud environments, and they lack confidence in their company’s ability to maintain compliance with security policies as their cloud environments grow. In turn, risk assessment, monitoring, reporting, and audit compliance all suffer.
Figure: Lack of qualified staff, compliance, and visibility are the biggest operational security headaches
Security Tools Designed for the Cloud: Automating AWS Security Best Practices
The problem with many traditional security solutions and strategies is the limitation of their design. Often, they don’t take into account the varying security needs and concerns of a multi-cloud environment, where shared responsibility model coverage and complexity can vary greatly between cloud service providers and the services used. Though many security tools can connect to the cloud, most traditional tools are not designed with the flexibility needed to unify cloud security management.
In a recent report, Forrester stated that on-premises security suites are less effective for cloud workloads. The gaps left by these point tools have security professionals driving toward platforms built expressly for the cloud. Specifically, survey respondents are interested in platforms that accelerate deployment, secure data in and across the cloud, and decrease overall security spend. This direction is consistent with Forrester’s suggestions that organizations focus on implementing automation strategies that natively connect security through bi-directional APIs across IaaS, PaaS, and containerized environments.
Figure: There are significant drivers to move to cloud-native security tools
The latest AWS Well-Architected Framework calls for automated AWS security best practices starting from the point of configuration. Automated cloud security platforms address configuration concerns directly by providing tools, bi-directional REST APIs, and lightweight sensors that allow you to tightly integrate security into your company’s cloud use. Unified, comprehensive security across public, hybrid, and multi-cloud environments gives you control over cloud configurations, application and API security management, and access controls, as well as monitoring of data in transit, in use, and at rest.