Back to blog results

July 9, 2019By Sridhar Karnam

6 steps to secure your workflows in AWS

On AWS, your workloads will be as secure as you make them. The Shared Responsibility Model in which AWS operates ensures the security of the cloud, but what’s in the cloud needs to be secured by the user. This means that as a DevSecOps professional, you need to be proactive about securing your workloads in the Amazon cloud.

Achieving the optimal level of security in a multi-cloud environment requires centralized, automated solutions. In the end, you must pinpoint liability in case incidents occur. Audit logs, define stringent access control rules and monitor activities across the network and you will be well prepared to take action if something goes wrong with your AWS environment.

Follow these best practices when designing cloud architecture and your workloads will be safe and sound:

1. Change the default configurations

The default settings are not the most secure. Therefore, you must tighten the default configurations to ensure they are in compliance with best practice benchmarks to ensure the maximum protection possible. Once this is done, it’s also necessary to monitor and enforce the right security configurations. When it comes to benchmarking threats for multi-cloud, consider using a third party, multi-tenant tool such as Sumo Logic. It offers a unique benchmarking system that has not been replicated. Sumo Logic was born in the cloud even before AWS adopted its own SIEM, and uses machine learning algorithms to benchmark genuine threats. Additionally, The Center for Internet Security (CIS) released the first version of its CIS AWS Foundations Benchmark earlier this year. Once you configure that tool, install the dedicated Sumo Logic App to take advantage of the preconfigured searches and dashboards to analyze your data. We have built-in content to get you started more easily.

2. Manage access meticulously

Protecting your workloads in the cloud is about denying access to unauthorized and unauthenticated users and managing the scope of access already granted. You should follow the principle of “least privilege”, which stipulates that a given user or group should not be allowed to perform any functions outside of their job description. Implement multi-factor authentication as the absolute minimum protection of root accounts and all accounts that contain console passwords. What is more, Identity and Access Management (IAM) will help you achieve the right balance between data security and user access by taking care of identification, authentication and authorization. IAM not only protects your credentials but also allows you to manage the policies applied to them. With IAM you can allow or deny actions, set required conditions for them and inhibit actions for specific resources. Don’t forget to change your IAM access keys at least once every 90 days to protect access to critical services.

3. Encrypt your data

Encrypting your data end-to-end is the minimum requirement for ensuring security, regardless of whether your data is stored at rest or in motion between systems. The scope of encryption needs to be extensive, so all the systems involved in data migration need to be encrypted, especially when PII data is involved. Masking can be another good option to safeguard this sensitive information. At Sumo Logic, we understand the importance of data security when someone entrusts their data to a third-party service provider; it’s critical. That’s why we employ best-of-breed technologies and stringent operational processes to ensure full safety at all times. Sumo Logic encrypts your data during collection and always keeps it encrypted. We can also mask your data if needed.

4. Implement detective controls

Detective controls will help you uncover unwanted incidents and potential threats. This can be done by capturing and analyzing logs, and by integrating auditing controls with notifications and workflow. The AWS security tools that collect and analyze logs provide a solid foundation for identifying and understanding the scope of anomalous activity. Make the best use of CloudTrail, which captures key activities on your account, including those performed via AWS Management Console, AWS SDKs, command line tools and other AWS services. It also provides ample details on API calls. This service must be used to troubleshoot, simplify security analysis and track resource changes. By using Sumo Logic you will be able to take logs from AWS services directly or through CloudTrail. In addition, our solution can be set to trigger a Lambda function as incident response. Tracking logs is essential, but keep in mind that they don’t show the full picture of your environment. Make sure to add HIDS to your intrusion detection picture and you’ll know the what, where and when of any attack. When it comes to implementing auditing controls into notification and workflow systems, CloudWatch Events will help you route events into your predefined targets.

5. Ensure traceability of sensitive changes

Blind spots are the biggest threat to security, so you need to ensure maximum visibility of all the elements within your cloud environment. This in itself will not prevent attacks but will minimize the possibility of their going unnoticed, giving you the opportunity to react. That’s why it’s necessary to have an analytics tool that monitors changes in logs, users (including admins and privileged access users), configurations, behavior, access, file integrity, etc.; all of your workload components. Monitor them separately, but remember to also examine how they work individually, because some of these elements may encounter performance issues when they connect. Monitoring systems are necessary to ensure you discover breaches as soon as possible, giving you the opportunity to prevent further damage. Cloud native solutions such as Sumo will allow you to monitor all 90 services. If multi-cloud is your strategy, pick a solution that works with the maximum number of services used.

6. Ensure full-stack monitoring

Visibility of all your cloud elements from a single pane of glass is crucial to reducing risks in your cloud environment. While it’s good to collect data from AWS, we don’t recommend using legacy solutions for monitoring of potential threats. Not only are these traditional, on-premises analytics tools expensive and hard to scale, but they often fail to deliver the level of visibility required to support modern architectures that customers build at cloud scale. It’s better to integrate native AWS security tools with third-party apps built in the cloud, such as Sumo Logic. Sumo provides full visibility into cloud app stacks across multiple cloud accounts, which is vital to implementing more granular policies and reducing risks. Sumo Logic allows you to effectively monitor and correlate data to get the deep insights needed to identify and respond to security incidents and mitigate damage.

The above measures are instrumental to improving your security posture and responding to threats that target your data and applications. Diversify the security measures between on-prem and third-party security tools to adapt to the security demands of the modern cloud. This way you will make it harder for potential hackers to break in.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sridhar Karnam

Sridhar Karnam

More posts by Sridhar Karnam.

People who read this also enjoyed