Last updated: 16 May 2016
This begins a series of blog posts about how to address data security in the AWS cloud environment with the SafeNet product line from Gemalto. Topics that will be addressed include: how to store data in the AWS cloud with customer-owned encryption, roots of trust, the importance of secure key management, encryption and pre-boot authentication for EC2 and EBS, and customer-owned object encryption for Amazon S3.
What’s not to love about cloud computing? Not only is it an agile, cost-effective way to run business-critical applications and store information, but the data itself is kept safe from rouge administrators, prying eyes, and hackers because it’s stored waaay up there in the cloud . . . right?
If only it were that simple. The fact is that physical security is only part of the cloud data security story—and, although it makes a nice visual, the story doesn’t involve a bright blue sky and the white, cotton-like puffs that populate it.
So, is my data safe in the cloud? The answer is complicated and dependent not only on your chosen cloud service provider and its ability to physically and logically secure your information but also on the online accessibility to and the outright ownership of your data.
A cloud service provider delivers the infrastructure and foundation for the business applications and information you migrate to the cloud. Amazon Web Services (AWS), a recognized leader in cloud infrastructure services, is dedicated to protecting mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion. AWS offers physical and logical protection services that are aligned with security best practices. Physical security measures include strictly controlled data center access both at the perimeter of the property and at the building itself such as video surveillance, intrusion detection systems, and other electronic means. Logical security measures feature capabilities such as disk wiping for both Amazon EBS and instance ephemeral volumes, instance isolation in Amazon EC2 environments, and identity and access management for access to the AWS Console and APIs. The AWS compliance framework covers FISMA Low and Moderate, PCI DSS Level 1, ISO 27001, SOC 1/SSAE16, and HIPAA.
Physical and logical security is only part of the cloud data security story. Online accessibility and availability to your cloud data is another. With over five times the compute capacity of its fourteen nearest competitors and its own Marketplace store, Amazon Web Services gives customers a web-based front-end to purchase and deploy cloud-based infrastructure—as well as hundreds of related applications—from both AWS and its partners. Why is this important? Because, under the AWS shared responsibility model, AWS customers are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud as well as meeting specific business requirements for information protection.
Understanding cloud data security—encryption features, options, and add-ons that offer different levels of protection—is a critical consideration for every enterprise who entrusts its company data to the cloud. After all, it’s not just your data you’re protecting—it’s the data of your prospects, customers, clients, vendors, partners, and everyone you do business with. And, with that responsibility, it’s not enough to play it safe—the only way to keep your data safe in the cloud is by keeping your head in the cloud, too.
For more information on keeping your data safe in the cloud, read our ebook, How to Enhance Security in AWS.