Data Theft and AWS Deployments

Data theft: no one’s immune

Because, in conformance with their Shared Responsibility Model, AWS does such a good job protecting their physical infrastructure, many of the kinds of data theft that plague locally-hosted operations aren’t likely to threaten your cloud-based servers.

data theftConsider, as an example, the unauthorized individual who just sat down in front of that workstation over there… the one right behind the room divider. See how easily he’s able to bypass network checkpoints by posting his freshly encoded data to social networking accounts or fax-to-email services? I’ll bet you’ll never see anything like that happening inside an Amazon server farm.

But not so fast with the smug grin: this definitely doesn’t mean you’re off the hook. Not even close. After all, the kind of disaster that recently hit Morgan Stanley – and 350,000 of its customers – could just as easily have happened on an AWS-hosted system. Data theft (sometimes called “data exfiltration”) is a serious threat to all networked systems, and you’ve got responsibilities to your customers, investors, and society at large to do your part to prevent it.

Data theft: preventative solutions

Here’s a checklist of steps you can – and should – take to both harden your deployment and, in general, tighten the way you interact with your cloud resources:

  • IAM. The less access to your resources you provide to team members and applications, the lower the chances that your data will go missing. Through their Identity and Access Management (IAM) service, AWS allows you to expose your individual compute and data resources to specific purpose-built users and roles, rather than to all and sundry who might be associated with your account. Use it.
  • Penetration-testing. When asked in advance, AWS will provide permission for you to launch simulated attacks against your cloud infrastructure. Using specialized operating system distributions like Kali Linux, you’ll get a first-hand look at how well your ACLs, security groups, and VPCs are configured, and how easy it will be for the bad guys to blow past them.
  • Anti-phishing training. All the stealth technology in the world won’t do much good if someone on your team clicks on the “fix the problem” link in the fake “your account needs resetting” email he just received.
  • Secure your own local infrastructure. You can’t very well blame Amazon if the gentleman at Data Theft Incorporated got your account authentication data through a keystroke tracker installed on the compromised PC you’re using, can you?
  • Log monitoring. System access and event logs exist for a reason. Hint: it might have something to do with keeping track of system access and events.
  • CloudWatch. Haven’t got the time or patience to properly monitor your logs? Once you set them to trigger alarm notifications upon detection of unusual activity, the friendly electrons at Amazon’s CloudWatch will be only too happy to do it for you.

Data Leak Prevention technology

Besides those more integrated approaches, there’s also Data Leak Prevention (DLP) technology, an entire class of software solutions aimed at data theft protection. DLP systems use machine learning heuristics, user activity monitoring, and sometimes honeypots to monitor a network.

They’ll particularly focus on analyzing data when it’s in motion (network), at rest (archived), and in use (endpoints). Should you feel the need is pressing enough, there’s no reason you can’t install such a package on part of your cloud infrastructure to keep watch over your account resources.

Of course, DLP systems are available from many of the usual suspects like Symantic and McAfee. But it’s the Linux-based open source packages, MyDLP and, perhaps, OpenDLP that should interest us the most because they’re likely to be flexible (and Linux-friendly) enough to fit comfortably into the AWS environment.

The bottom line? The tools we’ll need to defend our cloud deployments against data theft are available. We’ve just got to decide to use them.

Avatar

Written by

David Clinton

A Linux system administrator with twenty years' experience as a high school teacher, David has been around the industry long enough to have witnessed decades of technology trend predictions; most of them turning out to be dead wrong.


Related Posts

Vijayakumar Athithan
Vijayakumar Athithan
— March 27, 2020

What is Cognito in AWS?

Web applications usually allow a valid username and password combination for successful sign in to the application. Modern authentication flows incorporate more approaches to ensure user authentication. When using AWS, this is no exception, thanks to the abilities and features offered b...

Read more
  • AWS
  • AWS Cognito
  • Solutions Architect
Connie Benton
Connie Benton
— March 25, 2020

How To Build a Career with AWS Certifications

From Iaas and PaaS solutions to digital marketing, cloud computing reshapes the world of technology. As the influence of this technology grows, so does investment. Tens of billions of dollars are being spent on cloud computing-related services each year. This influx is continuing to inc...

Read more
  • AWS
  • Certifications
Avatar
Andrew Larkin
— March 20, 2020

The 12 AWS Certifications: Which is Right for You and Your Team?

As companies increasingly shift workloads to the public cloud, cloud computing has moved from a nice-to-have to a core competency in the enterprise. This shift requires a new set of skills to design, deploy, and manage applications in cloud computing. As the market leader and most ma...

Read more
  • AWS
  • AWS Certifications
Alisha Reyes
Alisha Reyes
— March 17, 2020

Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more

With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Avatar
Cloud Academy Team
— March 13, 2020

Which Certifications Should I Get?

As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...

Read more
  • AWS
  • Azure
  • Certifications
  • Cloud Computing
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— March 7, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Alisha Reyes
Alisha Reyes
— March 6, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Patrick Navarro
Patrick Navarro
— March 4, 2020

AWS Certifications: How Do They Increase Your Employability and Progress Your Career?

AWS certifications are no walk in the park. They’re designed to validate in-depth, specialist knowledge and comprehensive experience, often requiring months of dedicated studying to earn even for those already working with the cloud platform. But the rewards that AWS professionals ca...

Read more
  • AWS
  • AWS certification
  • certification
Avatar
Chandan Patra
— February 21, 2020

Elasticsearch vs. CloudSearch: AWS Cloud Search Choices

Elasticsearch vs. CloudSearch: What's the main difference? Let's compare AWS-based cloud tools: Elasticsearch vs. CloudSearch. While both services use proven technologies, Elasticsearch is more popular, open source, and has a flexible API to use for customization; in comparison, CloudS...

Read more
  • AWS
  • Azure
  • cloudsearch
  • elasticsearch
Avatar
Andrew Larkin
— February 13, 2020

Cloud Academy Content Roadmap Updates

Welcome to our Q1 2020 roadmap. This is the content we plan to build over the next three months, between February 1 - and April 30, 2020. Let's look at some of our roadmap highlights. Atlassian Bamboo for CI/CD We had a lot of requests for practical guides on how to apply DevOps tool...

Read more
  • Artificial Intelligence
  • AWS
  • Azure
  • Docker
  • Google Cloud Platform
  • Kubernetes
  • Machine Learning
Alisha Reyes
Alisha Reyes
— February 7, 2020

New on Cloud Academy: Git Labs, CKA and CKAD Lab Challenges, AWS and Azure Learning Paths, AGILE, and Much More

We just kicked off our first Free Weekend of 2020. This means we've unlocked our Training Library for just 72 hours. Until Sunday at 11:59 pm (PST), you can get unlimited access to our industry-leading learning paths, courses, certification prep exams, and our most popular hands-on labs...

Read more
  • agile
  • AWS
  • Azure
  • Google Cloud Platform
  • Linux
  • OWASP
  • programming
  • red hat
  • scrum
Avatar
Stuart Scott
— February 6, 2020

How to Encrypt an EBS Volume

Keeping data and applications safe in the cloud is one of the most visible challenges facing cloud teams in 2020. Cloud storage services where data resides are frequently a target for hackers, not because the services are inherently weak but because they are often improperly configured....

Read more
  • AWS
  • EBS
  • Encryption