Cloudonomics Journal

AWS Security: The Shared Responsibility Model

Amazon’s Infrastructure as a Service offering, AWS, boasts an unrivaled global infrastructure. Some of their high-profile customers include Flipboard, Airbnb, and Newsweek, but they serve hundreds of thousands of customers in over 190 countries[1].

AWS operates state-of-the-art, highly-available data centers[2] that provide customers with a framework upon which they can store their data and run their apps. Their public cloud model offers scalability, flexibility, and agility.

But, as with all cloud scenarios, users often wonder about what they sacrifice in terms of data security when using AWS.

46% of respondents to the 2013 Future of Cloud Computing Survey cite security as the top inhibitor to cloud adoption[3]. Another recent study, however, suggests that these AWS data security fears may be unfounded: in it, 94% of businesses reported that they saw an improvement in security after switching to cloud computing[4].

AWS Data Security: in their own words

In their AWS Data Security Center, Amazon claims that “The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today[5].” AWS Data Security conforms to best security practices and compliance standards:

  • Electronic surveillance and multi-factor access control systems in AWS datacenters.
  • Trained security personnel who authorize access to datacenters on a least-privilege basis.
  • Environmental systems designed to minimize the impact of disruptions to operations.
  • Availability zones that enable you to operate in the face of natural disasters.
  • An extensive network of security monitoring systems, providing distributed denial of service (DDoS) protection and password brute-force detection.
  • Many more features like built-in firewalls, private subnets, etc.
  • Compliance with different security regulations and standards, such as SOC 1/SSAE 16/ISAE 3402, FISMA, DIACAP, and FedRAMP[6]

Amazon is responsible for the security of its infrastructure and they do a great job at it.

However, they clearly state on their website that anything you put on the AWS infrastructure is your responsibility to secure.

This is the shared responsibility model: they provide the infrastructure and secure it, you use the infrastructure and must secure that.

AWS Data Security: your part

It is your responsibility to secure your EC2 instances as well as anything you install on them. This is a lot of responsibility, but it is actually in your best interest. Because you control the security of your accounts and data, you can ensure that you are as safe in the cloud as you were in a physical data center. Perhaps even more important, you can ensure that you still own your data – even though you are housing it in public infrastructure.

Make sure you consider these factors as your side of the AWS Data Security Shared Responsibility Model:

  • Updates and Patches: Make sure all software and operating systems on the instances you run in EC2 are updated regularly to eliminate security loopholes.
  • Limit access to the root account: Instead of giving access to the root account, create groups whose access is scoped to the specific AWS resources each group needs.
  • Encrypt: Encrypt data at rest and in transit using the industry’s strongest encryption algorithms.
  • Manage encryption keys: This is perhaps the most important aspect of your AWS Data Security Responsibility, so it gets its own section.
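The "limit access to the root account" item is easiest to get wrong in the policy document itself, where a single `"Action": "*"` on `"Resource": "*"` hands a group the same power as the root account. The following auditor is an added example (not code from the original post, from Porticor or from AWS): it walks a policy document and flags Allow statements that are root-equivalent, grant a whole service via a wildcard, or are not scoped to named resources. Both sample policies and the bucket name `example-app-logs` are constructed for the illustration.

```python
"""Heuristic least-privilege audit of IAM policy documents.

Added illustration, not Porticor's or AWS's code. Flags Allow statements that
are broader than a least-privilege group policy should be. The two policies
below are constructed samples; the bucket name example-app-logs is made up.
"""
import json
from typing import Any, Dict, List

# Constructed sample: what a "just give them root" policy looks like.
ADMIN_LIKE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

# Constructed sample: a group that only needs to read one log bucket.
SCOPED_GROUP_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-app-logs",
                  "arn:aws:s3:::example-app-logs/*"]}
  ]
}
""")


def _as_list(value: Any) -> List[Any]:
    """IAM accepts a scalar or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy: Dict[str, Any]) -> List[str]:
    """Return one finding per Allow statement that is broader than a
    least-privilege group policy should be. Heuristic only: a few actions
    (for example s3:ListAllMyBuckets) legitimately require Resource "*"."""
    findings: List[str] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(
                f"statement {idx}: NotAction allows every action not listed")
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        star_action = "*" in actions
        star_resource = "*" in resources
        service_wildcards = sorted(a for a in actions if a.endswith(":*"))
        if star_action and star_resource:
            findings.append(
                f"statement {idx}: Action '*' on Resource '*' is root-equivalent")
        elif star_action or service_wildcards:
            findings.append(
                f"statement {idx}: wildcard actions {service_wildcards or ['*']} "
                "grant a whole service at once")
        elif star_resource:
            findings.append(
                f"statement {idx}: actions {actions} are not scoped to specific resources")
    return findings


if __name__ == "__main__":
    for name, policy in [("admin-like", ADMIN_LIKE_POLICY),
                         ("scoped group", SCOPED_GROUP_POLICY)]:
        print(name, find_overbroad_statements(policy) or ["no findings"])
```

Run this over the policy documents attached to your groups before they are applied; the scoped policy should come back clean, while anything that reports "root-equivalent" is the root-account problem the list item warns about, just under a different name.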

Encryption Key Management for AWS Data Security

Amazon has done their part to protect their infrastructure and you have done your part to protect everything you have put on the infrastructure. The last (and, really, an ongoing) step is to properly manage your encryption keys.

By managing them yourself (not through a third party and not even through AWS), you retain control of your data. That is the most significant step you can take to ensure your ownership of your data.

For key management, we recommend split-key encryption and homomorphic key management: techniques which allow you to control your encryption keys so that even in the event of a breach:

  1. No one (not even AWS) can access your data
  2. You maintain compliance with regulations like HIPAA or PCI
  3. Your data is as safe (if not safer) in the cloud as in the datacenter.
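The "encrypt at rest" item above and the split-key recommendation here fit together in one mechanism: the data key that encrypts a record is split into two random shares, and neither share on its own says anything about the key. The block below is an added illustration of that split-key idea, not Porticor's implementation and not its homomorphic key-management scheme. It uses two-of-two XOR secret sharing plus a hash-based stream cipher with an HMAC tag so that it runs on the Python standard library alone; a production system would use AES-GCM from a vetted library. The record text is constructed.

```python
"""Split-key illustration: a data key is split into two random shares so that
neither the customer's half nor the half held by a key-management service
reveals anything alone; only the recombined key can decrypt.

Added illustration (not Porticor's code and not its homomorphic scheme). The
cipher is an encrypt-then-MAC construction over SHA-256 so the example needs
only the standard library; use AES-GCM from a vetted library in production.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Tuple

KEY_LEN = 32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes,
              rng: Callable[[int], bytes] = secrets.token_bytes) -> Tuple[bytes, bytes]:
    """Two-of-two XOR secret sharing: share_a is uniformly random, so each
    share on its own is statistically independent of the key."""
    share_a = rng(len(key))
    share_b = xor_bytes(key, share_a)
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    return xor_bytes(share_a, share_b)


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the data key."""
    return hashlib.sha256(label + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: SHA-256(enc_key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    nonce = secrets.token_bytes(16)
    ct = xor_bytes(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def decrypt(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong key (for example
    a single share) fails here instead of yielding garbage."""
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return xor_bytes(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))


def demo() -> bool:
    """Generate a key, split it, encrypt a constructed record, discard the
    whole key, and confirm that one share cannot decrypt but both can."""
    record = b"constructed sample record"
    data_key = secrets.token_bytes(KEY_LEN)
    customer_share, service_share = split_key(data_key)
    nonce, ct, tag = encrypt(data_key, record)
    del data_key  # only the two shares persist from here on
    try:
        decrypt(customer_share, nonce, ct, tag)
        return False  # a lone share must never decrypt
    except ValueError:
        pass
    return decrypt(combine_shares(customer_share, service_share), nonce, ct, tag) == record


if __name__ == "__main__":
    print("single share blocked, both shares decrypt:", demo())
```

The point the numbered list makes is visible in `demo()`: a party that obtains only one share (the provider's, or the customer's) holds a uniformly random string, so the ciphertext stays opaque to them, and the customer keeps ownership of the data by keeping their share.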


The post AWS Security: The Shared Responsibility Model appeared first on Porticor Cloud Security.



Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.