Moving to cloud service providers like Amazon Web Services (AWS) for dev/test and production infrastructure has become not only common but the preferred approach for a growing number of companies with a cloud-first strategy. The ability to access applications at any time, from any device, anywhere in the world, saves money, resources, and time, allowing companies to work more efficiently. However, security is just as important for cloud instances as it is for systems you manage yourself.
AWS security is a shared responsibility between Amazon and the end user. According to Amazon, “Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.” AWS also offers a wide variety of security tools and solutions you can take advantage of, such as certificate management, encryption tools, Hardware Security Modules for storing private keys, and Web application firewalls.
However, security of the applications running on AWS remains the responsibility of the individual administrators. You must still implement critical defense mechanisms, from root credentials to security groups and identity management to access policies, as well as manage patch remediation and reporting systems. And as with on-premise hardware, traditional security and compliance protocols still apply to a cloud-based infrastructure.
To support customers, AWS also provides guidelines for ensuring data security in the cloud. Their recommendations include:
- Protect your root access key like you would your social security number
- Use individual credentials for each IAM user
- Use AWS-defined permission policies
- Err on the side of granting least privilege to users, limiting their access
- Require strong rotating passwords
- Enable MFA
- Use roles instead of credentials when sharing AWS account access
- Use logging features to monitor your AWS account
The above list is an excellent reminder of the basics for maintaining a secure AWS account. However, these recommendations focus only on user access to AWS, not the software and applications running on AWS. Applications are the yin to the users' yang of a solid security foundation. Your AWS environment will still need to be monitored and patched on an ongoing basis. Back in 2012, Phil Cox, now the VP of Security & Compliance at Coupa, noted in a Quora post that patching is critical to maintaining a secure AWS instance.
Historically, patching solutions were limited by operating system (OS), e.g. Windows only, and by location, behind a corporate firewall. They were also limited to detection and notification. But knowing there is a problem is only half of the battle. The remediation of threats remained a manual process, requiring valuable time from IT staff to patch each server or network device. Because of this, most patches were put on the back burner and forgotten about.
The need for a single patching solution that works across any OS, any application, anywhere (on-premise or cloud-based) is why Automox was created. It is the first cloud-based patching solution that is fully automated, OS agnostic, and works across your entire infrastructure.
Cloud-based patching eliminates one of IT’s long-standing headaches: patch remediation. By automating the remediation process, the final missing element of a strong security suite is in place. Keeping your AWS account(s) secure from threats and vulnerabilities now takes minutes instead of hours or even weeks. Automox monitors your infrastructure, alerts you to new vulnerabilities, and automatically remediates them according to your pre-defined patch policies. Options range from set-it-and-forget-it complete automation to fully customized patching schedules and test environments.
As you scale your virtualized infrastructure with AWS, automated patch remediation can help you maintain your security and compliance levels. Contact us to learn more or check us out on your own and sign up for a free, full-access trial.