There’s a common misconception that cloud providers handle security, a relic left over from the hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.

Luckily, the Center for Internet Security has created the CIS Amazon Web Services Foundations benchmark, which provides guidance on best-practice security configuration options within the AWS management console.

Let’s look at some common threats to cloud infrastructure and how the CIS policy combined with general security practices help to mitigate them.

1. Phishing

Research shows that 30 percent of phishing emails are opened and that 91 percent of breaches begin with a phishing attack. CIS recommends the common best practice advice of enabling multi-factor authentication (MFA) in section 1.2.

In particular, the AWS root account is especially important to protect with MFA, as it holds access to anything and everything. CIS also recommends enabling alarms to detect when the root account is used (section 1.1) and having separation of roles, which involves setting up different accounts for different tasks (section 1.18).

Generally, phishing training should be offered to all users to limit the possibility of falling for this type of attack. Your organization should create an AWS root account that belongs to an internal user group and not to a specific user. Never use a standard personal Amazon.com shopping account as the AWS root account, and don’t use the root account for everyday work. Consider a multi-account AWS strategy, so that the compromise of one account doesn’t put all assets in danger.
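The root-usage alarm (section 1.1) and the MFA requirement (section 1.2) can both be checked against CloudTrail records. The following is an added example, not part of the CIS benchmark or of the original post: it applies the same conditions the CIS root-usage metric filter uses (`userIdentity.type = "Root"`, no `invokedBy`, `eventType` not `AwsServiceEvent`) to a handful of constructed sample events, and also flags console logins that did not present a second factor. The sample events, account id and IP addresses are made up for the demonstration.

```python
import json

# Constructed sample CloudTrail records (not real data): a root console login
# without MFA, an IAM user login with MFA, and a service-initiated root event.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "sourceIPAddress": "203.0.113.5"},
    {"eventName": "CreateLogStream", "eventType": "AwsServiceEvent",
     "userIdentity": {"type": "Root", "invokedBy": "logs.amazonaws.com"}},
]


def is_root_usage(event):
    """Same conditions as the CIS 1.1 CloudWatch metric filter: the Root
    principal acting directly, not an AWS service calling on its behalf."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def is_login_without_mfa(event):
    """Console sign-in that did not present a second factor (CIS 1.2)."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("additionalEventData", {}).get("MFAUsed") != "Yes")


def find_alerts(events):
    """Return (rule, eventName, principal, sourceIP) tuples worth alerting on."""
    alerts = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        who = ident.get("userName", ident.get("type"))
        if is_root_usage(ev):
            alerts.append(("ROOT_USAGE", ev["eventName"], who, ev.get("sourceIPAddress")))
        if is_login_without_mfa(ev):
            alerts.append(("LOGIN_WITHOUT_MFA", ev["eventName"], who, ev.get("sourceIPAddress")))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

The service-initiated event is deliberately excluded, since AWS services acting for the account with `invokedBy` set would otherwise trigger false root-usage alarms.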

2. Password Management

Breaches of third-party websites are another common method of AWS credential exposure.