First, develop a clear picture of what you have – and don’t have – for AWS security today. The NIST Cybersecurity Framework is a good way to think this through:
- Identify: Do you have a clear picture of what your organization has deployed on AWS? Do you know how many AWS accounts are active at your company? Do you track who uses which AWS resources and for what purpose? We often hear of organizations designing their cloud security on the assumption that they have only a handful of AWS accounts, only to discover later that they have hundreds of active accounts around the world.
  - What to look for at RSA: Solutions that automate the discovery of workloads and resources deployed on AWS and give you visibility into those resources and how they are being used.
- Protect: AWS makes it easy to innovate fast and build big. Have you assessed whether your portfolio of security products and your current processes will work and scale on AWS? Have you identified gaps or weaknesses in your current approach? Take the time to understand the AWS shared responsibility model for security and why you will need a security approach that is different from the one you use in your traditional datacenter.
  - What to look for at RSA: Establishing effective protection on AWS starts with maintaining a configuration that follows security best practices and keeping it up to date even as workloads are brought up and down. Look for solutions that will automatically and continuously validate your configuration so that you are never in a position where, for example, S3 buckets are inadvertently left open to public access.
- Detect: Monitoring an AWS cloud for threats and security risks is all about (1) tracking the use of deployed resources (workloads on EC2, data in S3, and so on) for any intrusion or rogue usage, and (2) analyzing the large volume of API calls that AWS logs into services like CloudTrail.
  - What to look for at RSA: AWS gives you a ton of data – but can you make sense of it? Seek out solutions that will process the information for you and present actionable insights without the need for hours of manual analysis and data correlation across multiple systems.
- Respond: Security incidents are all but inevitable. Do you have a clear picture of what happened and how to fix it? Rapid incident response is a must in today's AWS environment.
  - What to look for at RSA: Limit your search to solutions that give full visibility across all AWS layers so that you can rapidly follow the trail of an incident: where it started and how it moves through your AWS environment. Stay away from network-centric tools (like firewalls) that provide an incomplete picture in public clouds.
- Recover: Patching up the damage after an attack is only feasible when you have a complete picture of what happened. Can you identify the impacted AWS entities as well as their interactions and history?
  - What to look for at RSA: Imagine a security solution that delivers, in a graphical format and in one place, a complete view of VMs, containers, apps, users, machines and S3 buckets, with specific recommendations of what you need to fix.
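As an added example (not code from this post or from Lacework), here is the kind of check the Protect and Detect points above describe, in Python: it scans CloudTrail records for the S3 control-plane calls that open a bucket to the public (a public ACL grant, an unconditional bucket policy for Principal *, or removal of the public access block). The records are constructed for the example and assume the standard CloudTrail field names eventSource, eventName and requestParameters.

```python
PUBLIC_GROUP_URIS = {  # grantees that mean "everyone" / "any AWS account holder"
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed CloudTrail records, trimmed to the fields used here; not real log data.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketVersioning", "requestParameters": {"bucketName": "app-logs"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "requestParameters": {"bucketName": "customer-exports", "AccessControlPolicy": {"AccessControlList": {
         "Grant": [{"Permission": "READ", "Grantee": {"xsi:type": "Group",
                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "requestParameters": {"bucketName": "static-site", "bucketPolicy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::static-site/*"}]}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucketPublicAccessBlock",
     "requestParameters": {"bucketName": "customer-exports"}},
]

def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in (aws if isinstance(aws, list) else [aws])

def find_public_exposures(records):
    """Return (bucket, reason) pairs for S3 API calls that open a bucket to the public."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        params = rec.get("requestParameters") or {}
        bucket, name = params.get("bucketName", "?"), rec.get("eventName")
        if name == "PutBucketAcl":
            acl = params.get("AccessControlPolicy", {}).get("AccessControlList", {})
            for grant in acl.get("Grant", []):
                if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUP_URIS:
                    findings.append((bucket, "ACL grant to " + grant["Grantee"]["URI"].rsplit("/", 1)[-1]))
        elif name == "PutBucketPolicy":
            policy = params.get("bucketPolicy") or {}
            for stmt in policy.get("Statement", []):
                # An unconditional Allow to Principal * makes the bucket world-accessible.
                if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                        and _principal_is_public(stmt.get("Principal"))):
                    findings.append((bucket, "bucket policy allows Principal *"))
        elif name == "DeleteBucketPublicAccessBlock":
            # Removing the block re-exposes any public ACL or policy already on the bucket.
            findings.append((bucket, "public access block removed"))
    return findings
```

In a real pipeline the records come from the Records array of the CloudTrail files delivered to your log bucket, and the same grant check applies to object ACLs if you enable S3 data events.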
Last but not least, if speed of deployment, scale, and elasticity are some of the reasons your organization has been adopting AWS, look for the same attributes in the security solution you plan to deploy for AWS. Security tools demanding daily manual maintenance of rules will simply not scale in an environment where DevOps teams use automated tools to release code from development to staging and production on an ongoing basis.
I hope you get the most out of your RSA visit! Of course, I invite you to stop by Lacework's booth (4610) to learn more about how to keep your AWS environment and your AWS workloads secure. Lacework automates many of the security processes in AWS so that you can keep on innovating fast while staying safe.
Finally, Lacework was named one of 20 emerging security vendors to look for at RSA, so don’t miss the team live at the event.