AWS: Data Security Best Practices

June 20, 2017 - by Synoptek


The #1 question of the past 10 years has been, “Is it safe to move to the cloud?” The answer: yes, but it requires proper configuration and continuous tweaking to ensure your environment remains secure and compliant. The necessary level of diligence can be quite high and requires resources and expertise around the clock. When using a public cloud provider, it's essential to understand what security is provided and what you need to do to ensure your data is secured.

Do Not Remain in the Dark – Understanding the Shared Security Responsibility Model 

Most public clouds break down the shared security responsibility model into two primary categories: security in the cloud, and security of the cloud. Many organizations maintain a false belief that the cloud provider is responsible for securing their data, and they are unaware of what responsibility they own. This can lead to increased security risks, potential data loss, and failure to meet compliance and regulatory requirements. Amazon makes it clear that they are responsible for security of the cloud: the physical security of the data centers and the underlying pieces of infrastructure, which include computing, storage, database, and networking. The customer is responsible for security in the cloud, which includes data protection, identity and access management, operating system configuration, network security (access controls), and encryption.

AWS Data Security Recommendations 

To ensure your organization is optimized for security and compliance in AWS, consider these best practice recommendations:

  • Integrate Multi-Factor Authentication (MFA) – adds an extra layer of protection on top of user names and passwords
  • Employ temporary security credentials instead of long-term access keys
  • Enable CloudTrail – records AWS API calls for your account and delivers log files to you
  • AWS Identity and Access Management (IAM) – create and manage AWS users and groups and use permissions
  • Amazon S3 Server Side Encryption (DATA AT REST) handles all encryption, decryption, and key management in a totally transparent fashion
  • Encryption of data during transmission is typically achieved using Transport Layer Security (TLS) between two endpoints
  • AWS developed a secure key and credential manager to create, protect, and distribute symmetric keys
  • Change IAM access keys that are older than 60 days
  • Renew SSL certificates before they expire
  • AWS has established a policy for you to request permission to conduct penetration tests and vulnerability scans

This list highlights a small sampling of the necessary security measures you should undertake. However, many companies are ill-prepared to undertake even these tasks to secure their AWS environment, let alone implement additional changes to meet evolving security and compliance requirements. Additionally, internal IT teams often have neither the resources nor the bandwidth necessary to implement these security controls in a timely fashion.
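Two of the items above, MFA and rotating access keys older than 60 days, can be checked mechanically from the IAM credential report. The following is an added example, not code from Synoptek or AWS: it assumes a report CSV already downloaded (for instance with `aws iam generate-credential-report` followed by `aws iam get-credential-report`), and the sample rows, the function name `audit_credential_report` and the issue labels are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=60)  # rotation threshold from the list above

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,true,false,N/A,false,N/A
alice,true,true,true,2017-05-30T09:15:00+00:00,false,N/A
bob,true,false,true,2017-01-10T12:00:00+00:00,false,N/A
ci-deploy,false,false,true,2017-06-01T08:00:00+00:00,true,2016-11-02T17:45:00+00:00
"""


def audit_credential_report(report_csv, now):
    """Return (user, issue, age_days) tuples for missing MFA and stale keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # Root always has a console login, so check it even though its
        # password_enabled column is not "true".
        can_sign_in = row["password_enabled"] == "true" or user == "<root_account>"
        if can_sign_in and row["mfa_active"] != "true":
            findings.append((user, "mfa_missing", None))
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent keys cannot be used
            rotated = datetime.fromisoformat(row[f"access_key_{slot}_last_rotated"])
            age = now - rotated
            if age > MAX_KEY_AGE:
                findings.append((user, f"access_key_{slot}_stale", age.days))
    return findings


if __name__ == "__main__":
    # Fixed "now" (the article's date) keeps the sample output reproducible.
    as_of = datetime(2017, 6, 20, tzinfo=timezone.utc)
    for user, issue, age_days in audit_credential_report(SAMPLE_REPORT, as_of):
        print(user, issue, age_days if age_days is not None else "")
```

Service accounts without a console password, such as the constructed `ci-deploy` user, are skipped by the MFA check but still flagged for stale keys.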

Form a Partnership with an AWS Expert 

An experienced AWS partner like Synoptek has the experience and skill set to help design, implement, and maintain security in your AWS environment. Synoptek can provide proactive security and monitoring, ensuring that your environment is secure, stable, and compliant, which leaves your internal IT team available to focus on strategic projects to move your business forward.

Synoptek’s Managed AWS Service can help you:

  1. Risk Management
    • 24×7 Support & Uptime
    • Manage 200 Security & 400 Availability Best Practices
    • Continuous Compliance
  2. Reduce Costs
    • AWS environment right-sizing
    • Idle resource management
    • Purchasing options
  3. Optimize Direction
    • Dedicated AWS advisor
    • Strategic Security & Compliance guidance
    • Technology roadmap

Synoptek provides more than 200 critical security best practice checks and alerts stemming from standards, regulations, AWS recommendations, and our in-house experts. Contact us to learn more.