AWS Security — Myths Dispelled

Cloud Security — Myths Dispelled

Rishi Raj Singh
2 min read · May 17, 2019

Security should be job zero, instead of being job 10

Security on cloud can be segregated in three major segments:

• General Cloud Security

• Service Security

• Data Security

General Cloud Security — Myths

Compliance issues

• AWS has over fifty compliance-related certifications

• These meet country-specific compliance requirements as well as global ones

When data is moved to cloud, ownership is lost

• Customer always has the ownership

• Accessibility and traceability lie with the customer

• AWS has no access to any data stored on the cloud

Public cloud is not as secure as Private Cloud

• Security is set up at multiple levels, such as data center perimeter, access control and logging.

• Monitoring is in place so that any untoward incident is reported, alerted on and handled in less than a minute using automation

Cannot do security testing on cloud

• AWS follows the shared responsibility model: the infrastructure is AWS's responsibility and the instances are the customer's

• The customer needs to get approval from AWS

• Once approved, security testing and penetration testing can be carried out

• Amazon Inspector can also be used

Storing sensitive personal data

• AWS encryption meets the strictest industry requirements and is FIPS 140-2 validated

• Also offers HSM (hardware security module) for use cases where needed

Service Security — Myths

Serverless services are not secure

• Strong security is built into core serverless services

• Lambda functions from different accounts don’t run on the same EC2 instance

Secure keys being stolen/lost

• Setup MFA

• Use GuardDuty to get alerts on any unauthorized usage

• Use IAM roles instead of keys
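The three bullets above are policy decisions, and the first and third can be enforced in IAM itself. The identity policy below is an added example, not part of the original post: it follows the pattern AWS documents for forcing MFA, denying every action except the handful needed to enrol an MFA device and obtain a session token whenever the request carries no MFA context. The `BoolIfExists` operator matters: long-term access keys used directly with the API have no `aws:MultiFactorAuthPresent` key at all, and a plain `Bool` check would let them through.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllExceptListedIfNoMFA",
      "Effect": "Deny",
      "NotAction": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ResyncMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    }
  ]
}
```

The companion trust policy for a role, also an added example, lets principals in the account assume it only from an MFA-authenticated session, so workloads get short-lived role credentials instead of long-term keys that can be lost or stolen. The account ID `111122223333` and the role are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AssumeRoleOnlyWithMFA",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    }
  ]
}
```

If a key does leak, GuardDuty findings such as credential use from an unusual location are the detection side; the policies above limit what a stolen key can do before that alert fires.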

Customer data can be accessed by anyone

• Storage is secure by default: no one has access except as granted by the customer's own policy
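Because the bucket grants nothing until the customer's policy says otherwise, the customer's policy is also the right place to add guardrails. The bucket policy below is an added example, not from the original post: it grants object access only to one application role, refuses any request that does not use TLS, and refuses uploads that are not encrypted with KMS (the second deny statement covers requests that omit the encryption header entirely). The bucket name `example-customer-data`, the account ID and the role name are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOnlyTheApplicationRole",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/app-data-role" },
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-customer-data/*"
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-customer-data",
        "arn:aws:s3:::example-customer-data/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    },
    {
      "Sid": "DenyUploadsNotEncryptedWithKMS",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-customer-data/*",
      "Condition": {
        "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" }
      }
    },
    {
      "Sid": "DenyUploadsWithoutEncryptionHeader",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-customer-data/*",
      "Condition": {
        "Null": { "s3:x-amz-server-side-encryption": "true" }
      }
    }
  ]
}
```

Explicit `Deny` statements win over any `Allow`, including allows attached to the caller's own IAM identity, which is why the transport and encryption guardrails are written as denies rather than as conditions on the allow.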

Operating system patching is managed by AWS

• AWS manages everything up to the hypervisor level; anything above that is managed by the customer

Data Security — Myths

One customer can access other customers' data due to shared tenancy

• Deep level of isolation is present to avoid this

• Xen (hypervisor) is customized by AWS to be more secure

Malicious insider from AWS can look at customer data

• AWS has strict policies to keep humans away from customer data

• Automation is in place to handle things where data is involved

Government can access customer data

• Data is not shared unless AWS is legally bound to do so

• If the data is encrypted with a customer-managed key, then even if it is shared it is useless to anyone without the key
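The last bullet depends on the customer, not AWS, deciding who may use the key. The KMS key policy below is an added example, not from the original post, showing that control: the account root statement is what lets the account's own IAM policies apply to the key at all, and the second statement restricts actual use of the key to one application role, and only when the call arrives through S3 in one region. Anyone who obtains a copy of an object encrypted under this key, but is not that role, gets ciphertext they cannot decrypt. The account ID, role name and region are placeholders.

```json
{
  "Version": "2012-10-17",
  "Id": "customer-data-key-policy",
  "Statement": [
    {
      "Sid": "EnableIAMPoliciesInOwningAccount",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowKeyUseOnlyByApplicationRoleViaS3",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/app-data-role" },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey",
        "kms:DescribeKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "kms:ViaService": "s3.us-east-1.amazonaws.com" }
      }
    }
  ]
}
```

Every `kms:Decrypt` call is recorded in CloudTrail with the calling principal, so use of the key by anyone other than the expected role is visible as well as blocked.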
