Some security experts have described the recent exposure of sensitive information of 198 million Americans — nearly all registered voters — as “the mother lode of all leaks.” Deep Root Analytics, the data analytics firm that left its AWS database exposed on the public internet for two weeks, is now facing its first class-action lawsuit. The uproar over the leak will likely continue for a long time.
More than anything, this security incident highlighted the need for organizations to protect their often-overlooked Infrastructure-as-a-Service systems like AWS. The Deep Root Analytics data repository was in an S3 bucket without protected access, accessible to anyone who navigated to a six-character Amazon subdomain.
Implementing the right security strategy can prevent this kind of leak in the future. It would also help protect data from other threats. Although Amazon Web Services has invested heavily in security, the platform is not impenetrable. For example, AWS has sophisticated capabilities to prevent a denial-of-service attack, but a large-scale attack could still overwhelm those defenses.
A security strategy also needs to protect against threats from insiders, privileged users and third parties such as vendors and partners. On average, enterprises experience about 11 incidents tied to an insider threat every month, whether from people acting maliciously or negligently. Additionally, a large percentage of breaches can be traced back to a third-party compromise.
Typically, cloud providers use a shared-responsibility model for security. AWS is no exception. Under this model, Amazon takes responsibility for the security “of” the cloud — its infrastructure, including the software, hardware and facilities hosting the services. The company is responsible for protection against intrusion, as well as detecting abuse and fraud.
AWS customers, on the other hand, are responsible for security “in” the cloud. In other words, organizations take responsibility for the security of their content, of their applications that use AWS, and of identity and access management. Additionally, they must monitor their own network and firewall configurations, as well as their operating systems.