Seven tips for protecting your AWS Cloud

Code Spaces was hacked and had to shut down - what can you learn from this?

Code Spaces, a service provider that offered support for devops application management and was hosted in Amazon Web Services' cloud, has ceased operations after suffering a distributed denial-of-service attack by a perpetrator who demanded ransom and then began deleting data when company officials logged into their AWS account to stop the attack.

The episode raises the question: How can you prevent this from happening to your AWS Cloud account?


Below are best practices to follow when using AWS's cloud, or really any IaaS cloud.

The biggest thing to remember is that when customers use the cloud, security is not inherently provided for all workloads. AWS stresses that it has what it calls a "shared security" model. This means that AWS will provide the security of its physical data centers (the virtual machines, storage and even security features), but it is up to customers to implement security services on top of their AWS infrastructure.

A common method for making it hard for hackers to get into your account is enabling two-factor authentication (2FA). This process requires users to present two forms of verification before logging into a system, for example a password and a code that is generated and entered by the user. AWS offers a free multi-factor authentication service.

It's one thing to have two-factor authentication, but it's another to ensure that those private keys are protected. AWS has a variety of options to ensure this, including its HSM, which stands for Hardware Security Module. It's an appliance that helps organizations manage their keys, and it can sit behind a customer's firewall on the customer's own premises.

Users can make it hard for hackers to get into the cloud, but you'll probably also want to make sure that no unauthorized users actually have gotten in. There are a variety of options to monitor AWS usage, including some free AWS tools, and many other services that you can buy in the AWS Marketplace.

One AWS tool is called CloudTrail, which the company released at its re:Invent Summit last year (the offering is still in beta). It creates an API log that reports all of the activity in a user's account. This data can be dumped into monitoring solutions and analyzed.

The idea is that you should look for abnormal behavior, like unknown users logging in at unusual times or from unusual IP addresses. There are a variety of tools in the market that perform these tasks as well. One, called Skyfence, is a proxy-based system that monitors AWS activity and alerts users when something out of the ordinary is happening.
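One way to run this check over CloudTrail records, as an added example that is not part of the original article: a Python filter that flags console logins by unknown users, at unusual times, from unusual IP addresses or without MFA. It goes slightly beyond the paragraph by also flagging delete and terminate calls from unfamiliar networks. The baseline values (user names, network range, working hours) and the sample records are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Assumed baseline (hypothetical values): normal users, networks and hours in UTC.
KNOWN_USERS = {"alice", "bob"}
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
WORK_HOURS_UTC = range(7, 20)
DESTRUCTIVE = {"DeleteSnapshot", "DeleteVolume", "DeleteBucket", "TerminateInstances"}

def from_known_network(source):
    """True if sourceIPAddress is an IP address inside a baseline network."""
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:  # the field can also hold an AWS service hostname
        return False
    return any(ip in net for net in KNOWN_NETWORKS)

def findings(record):
    """Return the reasons a single CloudTrail record deviates from the baseline."""
    name = record["eventName"]
    known_ip = from_known_network(record.get("sourceIPAddress", ""))
    if name == "ConsoleLogin":
        user = record.get("userIdentity", {}).get("userName")  # absent for root
        hour = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ").hour
        mfa = record.get("additionalEventData", {}).get("MFAUsed")
        checks = [("unknown user", user not in KNOWN_USERS),
                  ("unusual time", hour not in WORK_HOURS_UTC),
                  ("unusual IP", not known_ip),
                  ("no MFA", mfa != "Yes")]
        return [label for label, hit in checks if hit]
    if name in DESTRUCTIVE and not known_ip:
        return ["destructive call from unusual IP"]
    return []

def scan(records):
    """Return (eventTime, eventName, reasons) for every abnormal record."""
    return [(r["eventTime"], r["eventName"], f) for r in records if (f := findings(r))]

# Constructed sample records using the field names of CloudTrail's JSON log format.
SAMPLE = [
    {"eventTime": "2024-01-15T09:12:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-15T02:41:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"userName": "mallory"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-15T02:45:00Z", "eventName": "DeleteSnapshot",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"userName": "mallory"}},
]
```

Calling `scan(SAMPLE)` returns the second and third records with their reasons; in practice the records would come from the `Records` array of the log files CloudTrail delivers.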

If you have a monitoring tool in place to identify unwanted activity, the next step is making sure that the unauthorized guest cannot cause damage. The Skyfence tool's proxy system can shut down AWS accounts, add authentication credentials to access the management console and require that any changes to the AWS cloud are approved by authorized users. In the Code Spaces case, this could have prevented the hackers from deleting data in the company's AWS cloud.

There are a variety of other ways to ensure that hackers can't cause damage, even if they do get into your AWS account. One is by encrypting the information stored in AWS's cloud. AWS's marketplace has many different encryption vendors, such as SafeNet and Vormetric, that provide various encryption services. Note that AWS provides some base-level encryption for its Simple Storage Service (S3) and some other services, but that is meant to protect against mass attacks on the entire system. If a hacker gains access to a user's account, this encryption will not be effective to prevent intruders from modifying the data.

The Code Spaces incident started off as a DDoS attack, which then spiraled into a larger breach. One way to prevent DDoS attacks is to implement a Web Application Firewall. These are available in the AWS Marketplace from companies like Barracuda and Alert Logic. These offerings can be used to monitor the traffic coming in, recognize unusual behavior like a DDoS, and block it.

A best practice for security is to back data up, says Rob Ayoub of NSS Labs, who recently wrote a paper on AWS Security best practices. Backing up data may not prevent an attack, but it could help you quickly recover from one.

Many people have a misconception that if data is stored in the cloud it will automatically be backed up. That's true for some services, but not all. AWS Elastic Block Store (EBS) and S3, for example, are highly available, meaning that AWS promises with a high degree of certainty that the data will not be lost because it is backed up within the system (if a user gains access to the management console this data can be modified though, rendering the built-in backups useless). EC2 virtual machine instances are not automatically backed up. Know which services come with what guarantees by researching them before using.

The idea here is that if a hacker does gain access to an account and causes damage, the user has a backup copy of the data that it can revert to. Each user has to evaluate what data they want to back up. Some organizations back up everything; others only justify backing up mission-critical data. Some backups are live, meaning that the data is copied in real time. Others can be set to run daily, weekly, monthly or at whatever interval the customer wants.

AWS has a variety of backup options, including its various storage and database offerings, like S3, EBS and DynamoDB. It also has Glacier, which is a "cold storage" service that provides very low cost, highly fault tolerant storage, but with relatively slow response times for retrieving the data. Other customers may be more comfortable with backing up the data to their on-premises environment rather than to the cloud.

Another misconception, Ayoub says, is that applications in the cloud will always be updated. That may be true in a SaaS environment, but in IaaS not so much. AWS provides the base-level infrastructure to host applications. It's up to the customer to control the applications that run on those virtual machines. Many vendors update their software frequently to patch bugs and update their security features. All those advancements are useless if you are not running the most up-to-date version of the software.

Would these tips have prevented the Code Spaces situation? There is no way to know. Ayoub says the reality is that many organizations are not taking appropriate security precautions. Although using the cloud can come with economic benefits such as lower hardware costs, ease of management and ubiquitous access, you shouldn't just throw workloads into the cloud without thinking hard about security.


Stories by Brandon Butler
