If you’re considering moving your business to the cloud, you may have looked into Amazon Web Services (AWS). AWS has been a leader in cloud services for some time, but recent breaches in security have shaken many customers’ faith in the platform. Before you dive into AWS, consider just how secure this leading platform truly is.

Recent Breaches

Image via Flickr by Ray_LAC

One of the biggest breaches in security for AWS servers happened back in July 2017. Over 14 million Verizon customers had their information exposed simply because one contractor working for the organization didn’t secure the data. The customer information was stored on an AWS S3 server, and the contractor left the data open to anyone who had the web address. Luckily, Verizon caught the error before anyone actually found the data.

Another more recent breach happened in September 2017 when Accenture accidentally exposed 137GB of confidential patient data to the public. Four AWS servers were unsecured, meaning anyone could have easily downloaded the content if they had the web address. Luckily, a security researcher found the breach and reported it to Accenture before anyone could take advantage of it.

Built-in Security Features

Despite these harrowing tales of vulnerable data, AWS offers a plethora of safety features to keep your information private. There are plenty of infrastructure security capabilities, including network firewalls, encryption in transit, and connectivity options. You can also utilize DDoS migration, data encryption, and regular scans by a security assessment service. With AWS CloudTrail, you can monitor API calls, and with Amazon CloudWatch, you can get notifications when certain events happen.

The problem is that an administrator must set up most of these features before they function. If you simply upload your data without personalizing your server, you might not have the security that you crave.

Vulnerability Reporting System

If you do happen to experience any suspicious activity on your AWS account, Amazon makes it easy to report. All you have to do is submit a suspicious email or vulnerability log, and security experts will examine the problem. This reporting method helps keep your data safe, especially if you don’t have a dedicated tech team to handle suspicious threats.

Add Your Own Security

While the features that AWS includes on its servers are quite potent, that’s not stopping you from adding another layer of security. To give yourself a failsafe level of protection, utilize a cloud access security broker (CASB). A CASB acts as a gateway between AWS and the individual user. It monitors all activity to help you enforce compliance to company policies and restrict user access. You’ll be able to see if a user is doing something they shouldn’t and put an end to it immediately to prevent data breaches.

If a hacker is threatening your data, you’ll be able to respond right away thanks to real-time threat protection alerts.

CASBs can also audit the security configuration of an AWS environment to determine whether it has been setup securely. This means scanning to see if any S3 buckets are publically readable/writeable, whether CloudTrail is turned on globally, etc.

Overall, AWS is a good option for many businesses if they take the proper precautions to protect themselves. Relying solely on AWS’s security features should keep you safe, but adding in your own defenses makes your cloud experience a foolproof one.