4 Best Practices for Data Security in AWS

Eddie Segal / 5 min read.
August 29, 2019

Amazon Web Services (AWS) is currently the most widely adopted cloud service provider, with nearly a million companies using its services. With exabytes of data stored in those services, it is no wonder that data security is a huge issue for AWS and the customers it serves.

If you are one of these customers, this article should help you understand how security is managed in AWS and teach you some best practices for ensuring that your data remains secure.

Security Responsibility in AWS

Before considering best practices for keeping your data secure in AWS, it helps to know what you are responsible for. AWS services operate under a shared security responsibility model, which states that Amazon is responsible for infrastructure and you are responsible for everything else, including access and authentication, data, operating systems, external networks, applications, and third-party integrations.

To help with this responsibility, however, Amazon does provide tools for your use, such as built-in encryption and Identity and Access Management (IAM). Some of these features are enabled by default, depending on the service you’re using, but in the end, it’s up to you to make sure that your configuration is appropriate and that you are making use of the resources AWS provides.

Best Practices

Effective data security requires understanding not only where your data is vulnerable but what can be done to identify security faults and how to eliminate them. Each service and data type is different and the methods that will work best for your system will depend on those variables, but the following best practices should apply to most configurations.

Duplicate Your Data

It may seem obvious, but backups only work if you make them, consistently and frequently. If you are not backing up your data in a reliable way, it will be difficult, if not impossible, to recover, whether your database gets corrupted, data gets mistakenly erased, an attacker holds your systems ransom, or a natural disaster occurs.

An additional point to remember is that if you keep your backups with the data they are duplicating, they probably won’t be as useful. A better strategy is to keep copies isolated, either on different services, different networks, or different devices.

AWS Backup was recently released to help simplify and centralize this process for you. It’s fully managed, allows automation through policies, and covers a range of services, including EFS, DynamoDB, RDS, EBS, and Storage Gateway.

If Backup doesn’t cover the services you’re using, or if you just want extra flexibility, you can still automate through Lambda or the CLI. You can see an example of this with EBS snapshots to get a better idea of how to set it up. The same process can be used with any service that can be reached through API.

Audit Your Risks

Knowing how to secure your data requires awareness of what you have and where it is stored. If you tagged your resources during configuration, this may be easy to figure out, but if you didn’t, now is the time to do so. Tagging will help you prioritize data security through access permissions, backup policies, monitoring, and more.



After you have an inventory of your data, you need to evaluate how your data can be accessed, what your current protections are, and how you are verifying that your data remains secure. This information will dictate how you should configure access rights and permissions, what authentication types you should be using, and how closely you need to monitor your systems.

Limit Data Access

If you focus on the principle of least privilege when configuring access rights and permissions, you’ll have a good start. With AWS, in general, you will be controlling access through a combination of IAM policies and Access Control Lists (ACLs).

With IAM, you can create and manage policies that separate management flow and database administration from application flow, and assign them based on individual users, groups, or roles. IAM also allows resource-based policies, but they only work for a limited number of services.

When creating policies, avoid the use of general permissions and root users to minimize the potential damage caused by compromised credentials, and periodically audit your users and roles to eliminate ghost accounts or inactive users.

With ACLs, you can restrict network traffic and access rights by resource and minimize open ports by instance. If possible, you should extend these restrictions to isolate your services, a practice known as micro-segmentation. By reducing entry points to your data and systems, you reduce your overall vulnerability.
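To verify which ports an ACL actually leaves open, evaluate its rules the way AWS does for network ACLs: in ascending rule number, with the first match deciding. This is an added example, not code from the original article; the entries are constructed in the shape of the `Entries` list from `aws ec2 describe-network-acls`, the function names are hypothetical, and only IPv4 inbound TCP is handled.

```python
import ipaddress

# Constructed sample rules (not from the article).
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 110, "Protocol": "6", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 3306, "To": 3306}},
    {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 22, "To": 22}},
    # Catch-all rule: this is what exposes every port not denied earlier.
    {"RuleNumber": 200, "Protocol": "-1", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
]


def nacl_decision(entries, src_ip, port, protocol="6"):
    """Return 'allow' or 'deny' for inbound traffic; the lowest matching rule wins."""
    src = ipaddress.ip_address(src_ip)
    inbound = sorted((e for e in entries if not e["Egress"]),
                     key=lambda e: e["RuleNumber"])
    for entry in inbound:
        if entry["Protocol"] not in ("-1", protocol):
            continue  # "-1" means all protocols, "6" is TCP
        cidr = entry.get("CidrBlock")  # IPv6 entries carry Ipv6CidrBlock instead
        if cidr is None or src not in ipaddress.ip_network(cidr):
            continue
        port_range = entry.get("PortRange")  # absent when all ports are covered
        if port_range and not port_range["From"] <= port <= port_range["To"]:
            continue
        return entry["RuleAction"]
    return "deny"


def exposed_ports(entries, ports, src_ip="203.0.113.10"):
    """Ports from `ports` that an arbitrary internet address can reach."""
    return [p for p in ports if nacl_decision(entries, src_ip, p) == "allow"]


if __name__ == "__main__":
    print(exposed_ports(SAMPLE_ENTRIES, [22, 443, 3306, 5432]))
```

In the sample, SSH looks restricted to 10.0.0.0/16 by rule 120, yet rule 200 still admits it from the internet; only the explicitly denied port 3306 is closed.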

Limiting access also involves systematically making sure that the data in your systems needs to be there and evaluating whether it can be stored more securely elsewhere. Infrequently accessed data, such as compliance logs or legacy projects, doesn’t need to be stored with your production data and can likely be safely moved to cold storage. If you find that you have data that you can eliminate, make sure that it is cleanly erased to further reduce liability.

Encrypt Your Data

AWS offers tools for encrypting data both at rest and in transit as a built-in feature. Unless you have access to a better solution or have a very good reason not to use encryption, you should use it. The specific tools available to you depend on which services you’re using, and many services can be integrated with third-party security tools as well.

The primary tool used by most AWS services is the Key Management Service (KMS), which grants centralized control over your encryption keys. With KMS, you can use either an AWS-defined customer master key or a key imported from your own encryption infrastructure. KMS can automatically rotate master keys once a year, without needing to re-encrypt, to further secure your data. It can be used to manage both server-side and client-side encryption, both of which you should use if possible.

Conclusion

Arguably, AWS cloud services provide more security than most organizations would be able to accomplish on their own, if only for the sheer amount of security expertise that the provider employs. Nevertheless, enabling the security features that AWS offers, verifying that your configuration is correct, and monitoring your system are all up to you.

To make sure that your data is kept safe and your liabilities are minimized, ensure that you are meeting these best practices and set aside some time to stay updated on the newest security tools, features, and vulnerabilities as they arise. The OWASP Cloud Security Project is a great resource to start with.

Categories: Cybersecurity, Technical
Tags: Amazon, best practices, Data security

About Eddie Segal

I'm an electronics engineer and also a technology writer. In my writing I'm covering subjects ranging from cloud storage and agile development to cybersecurity and deep learning.
