October 26, 2015

Segmenting Your AWS Data

by Philip Monte Verde 
Silos, they’re great for storing grain, but bad for communication. If your departments work in silos then R&D doesn’t talk with marketing, nor marketing with developers. It is just good organizational theory for a company to break down the silos.
That is, until it isn’t.
In our rush to create lines of communication, companies can create openings for hackers. As more and more employees are given access to networks, there are more available targets for invaders to steal credentials. Once a hacker has logged in under the account of even a lower-level employee, they can then work from within to gain access to your data without setting off alerts.
It won’t look like it does on TV. The stuff on Wikileaks and the attack on Sony Pictures may have garnered a lot of attention, but they aren’t typical. These hackers often work slowly and methodically, getting the lay of the land. An attack on the United States Office of Personnel Management – which manages the civil service of the federal government – lasted for nearly a year. Any surgeon will tell you that poking around the body like that is bound to lead to an infection.
Cloud computing has its ways of preventing these lateral movement attacks. Amazon Web Services specifically brings back the silo, but with a modern twist. When you upload your data to AWS it is split apart and scattered to any of fifty different data centers, with your choice of world regions. This leaves no one server for intruders to target and the data remains encrypted with only you having the key.
CloudCheckr helps you get a clear picture of that scattered data. Our Multi-Account Views feature allows you to visualize your data held on multiple accounts and multiple locations in one single view. By tagging your data you can then create views that are as complex or simple as you would like. (More info here.)
Spreading out resources the way AWS does really minimizes the risk to your data. To make extra sure you are protected, CloudCheckr scans your cloud environment for security threats against our more than 350 best practice checks. As we’ve detailed here before, this includes checks like monitoring security groups, unauthorized login attempts and daily reports of activity both suspicious and benign.
Cloud computing promises new advances in security. Data will become more visible to you, and less visible to them.
Try a free two-week trial of CloudCheckr to see how we can keep you visible and secure.