Amazon AWS Review

Amazon Web Services: Security Processes in the EC2 Cloud


Customer trust and confidence are at the heart of Amazon’s business, and with so many customers running their businesses on Amazon’s platforms, Amazon has gone to great lengths to operate and manage a comprehensive control environment. That environment supports the Amazon Web Services cloud offerings by ensuring that the policies and processes required by AWS’s certifications are followed.

Within the last few years Amazon Web Services has achieved notable security certifications, including SAS70 Type II audits, PCI DSS Level 1 (the Payment Card Industry Data Security Standard) and ISO 27001 for Information Security Management Systems, as well as compliance with the Federal Information Security Management Act (FISMA) so that AWS GovCloud can meet the FedRAMP requirements of government agencies.

When Amazon introduced Amazon EC2, the Elastic Compute Cloud, it opened the way for business customers to run their applications in Amazon’s computing environment. EC2 gives business customers access to Amazon’s secure cloud environment through virtual machines, and the security controls that EC2 deploys also underpin Amazon Web Services’ FedRAMP compliance.

Using Amazon EC2, business customers create an image of their operating system and applications, known as an Amazon Machine Image (AMI). Once created, the image is uploaded to Amazon S3, Amazon’s Simple Storage Service, and the AMI is registered with Amazon EC2, allowing the customer to launch virtual machines from it as they are needed. The result is an AWS Virtual Private Cloud in which business customers conduct their operations without the exorbitant expense of owning IT infrastructure. For that reason Amazon must ensure the environment meets all compliance and security standards, hence the certifications described earlier.

Amazon EC2 Security Processes

Amazon’s approach to AWS security involves layered security processes that maintain data integrity and provide secure EC2 instances while still allowing the configuration flexibility needed to meet the individual requirements of EC2 business customers.

  • Administration Hosts: For business customers who require access to the management platform, Amazon applies a level of security that accommodates administration hosts without posing a risk to data integrity or to other users. This is accomplished through AWS Identity and Access Management, which audits all access activity and records it in a log. When a user’s authentication privileges on the management platform are terminated, the privileges are automatically discontinued, which keeps AWS applications secure.
  • Customer Controlled Instances: Amazon EC2 provides virtual instances that are solely controlled by the customer. Business customers exercise full control, and at no time can Amazon intervene by logging in to the customer’s operating system. For this reason, a set of practices is in place to guide the customer on the authentication processes used to access virtual instances in the AWS VPC. This involves designing an authentication and privilege system that can be enabled and disabled as the needs of virtual machine users change.
  • Firewall: As part of the AWS Security Center, EC2 business customers have access to a comprehensive firewall solution that can be configured to meet each customer’s individual needs. For example, the firewall for Amazon EC2 is by default configured to block all inbound traffic; if the customer wants to allow inbound traffic, they must explicitly open the necessary ports while keeping unwanted traffic blocked. The firewall also provides a host of options for restricting inbound traffic by protocol, source IP address and other identifiers. As added security, the business customer must use their X.509 certificate to change firewall configurations.
  • Xen: Another layer of AWS security for EC2 is the Xen hypervisor, which isolates the different instances running on the same underlying host from one another. The firewall is situated in the Xen hypervisor, which means packets destined for an instance must pass through the firewall, adding further protection to the isolated instances.
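The firewall bullet above describes the default-deny model of EC2 security groups: nothing is reachable until a port is explicitly opened, so the audit question is which ports were opened and to whom. The following script is an added example, not code from the original review or from AWS: it walks a security group's ingress rules in the shape the `aws ec2 describe-security-groups` command returns (the `IpPermissions` list) and flags rules that expose sensitive ports, or every port, to the whole Internet. The group, its rules and the list of sensitive ports are constructed for the example.

```python
"""Audit one EC2 security group for overly permissive ingress rules.

Added example (not from the original review). SAMPLE_GROUP is a constructed
record in the shape of `aws ec2 describe-security-groups` output, embedded so
the script runs offline; in practice you would load that JSON instead.
"""
import ipaddress

# Ports that should never be open to the whole Internet (assumption for this example).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis"}

# Constructed sample: HTTPS from anywhere, SSH from an office range (fine),
# SSH from anywhere (bad) and an all-protocols rule from anywhere (worse).
SAMPLE_GROUP = {
    "GroupId": "sg-0example000000001",
    "GroupName": "web-tier",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "office VPN"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def _rule_ports(perm):
    """Return the (from, to) port range; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _sources(perm):
    """Yield every IPv4 and IPv6 source CIDR attached to a rule."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def is_world_open(cidr):
    """True if the CIDR covers the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_group(group):
    """Return a list of (severity, message) findings for one security group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        lo, hi = _rule_ports(perm)
        proto = perm.get("IpProtocol")
        for cidr in _sources(perm):
            if not is_world_open(cidr):
                continue  # restricted source: acceptable for this audit
            if proto == "-1":
                findings.append(("HIGH", f"all protocols and ports open to {cidr}"))
                continue
            exposed = [f"{p}/{n}" for p, n in SENSITIVE_PORTS.items() if lo <= p <= hi]
            if exposed:
                findings.append(("HIGH", f"{', '.join(exposed)} open to {cidr}"))
            else:
                findings.append(("INFO", f"{proto} {lo}-{hi} open to {cidr}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_security_group(SAMPLE_GROUP):
        print(f"[{sev}] {SAMPLE_GROUP['GroupId']}: {msg}")
```

Run against the sample it reports two HIGH findings (SSH and the all-protocols rule, both open to 0.0.0.0/0) and two INFO lines for HTTPS; the office-range SSH rule is not reported because its source is restricted, which is exactly the "open only the necessary ports" posture the review describes.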

Finally, Amazon Web Services uses a layer of security in Amazon EBS (Elastic Block Storage) that restricts access to data snapshots to the specific AWS account that created them. Business customers can make data snapshots available to other AWS accounts; however, this step should be carefully considered, since the snapshots may contain files with sensitive information.

Before releasing Elastic Block Storage to a customer, Amazon wipes the old data in accordance with National Industrial Security Program guidelines. EBS also allows business customers to encrypt their data on the block device using algorithms that comply with their individual security standards.
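The two EBS points above (snapshots are private to the creating account unless shared, and volumes can be encrypted) translate into a simple periodic check. This is an added example, not code from the original review or from AWS: it audits a list of snapshot records for public sharing, sharing with accounts outside an allowlist, and missing encryption. The records are constructed in the shape of `aws ec2 describe-snapshots` output, with each record's `createVolumePermission` attribute (as returned by `aws ec2 describe-snapshot-attribute`) folded in as `CreateVolumePermissions`; the trusted-account list is an assumption for the example.

```python
"""Audit EBS snapshots for risky sharing and missing encryption.

Added example (not from the original review). The snapshot records below are
constructed to mirror `describe-snapshots` plus each snapshot's
createVolumePermission attribute, so the audit runs offline.
"""

# Accounts that may receive shared snapshots (assumption for this example).
TRUSTED_ACCOUNTS = {"111111111111", "222222222222"}

# Constructed sample records. An encrypted snapshot cannot be made public,
# so the public one is unencrypted, as it would be in a real account.
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0example0001", "Encrypted": True,
     "CreateVolumePermissions": []},
    {"SnapshotId": "snap-0example0002", "Encrypted": False,
     "CreateVolumePermissions": [{"UserId": "222222222222"}]},
    {"SnapshotId": "snap-0example0003", "Encrypted": False,
     "CreateVolumePermissions": [{"Group": "all"}]},
    {"SnapshotId": "snap-0example0004", "Encrypted": True,
     "CreateVolumePermissions": [{"UserId": "999999999999"}]},
]


def audit_snapshot(snap, trusted=TRUSTED_ACCOUNTS):
    """Return (severity, message) findings for one snapshot record."""
    findings = []
    for perm in snap.get("CreateVolumePermissions", []):
        if perm.get("Group") == "all":
            # Group "all" means any AWS account can create a volume from it.
            findings.append(("CRITICAL", "snapshot is publicly shared"))
        elif perm.get("UserId") and perm["UserId"] not in trusted:
            findings.append(("HIGH", f"shared with untrusted account {perm['UserId']}"))
    if not snap.get("Encrypted", False):
        findings.append(("MEDIUM", "snapshot is not encrypted at rest"))
    return findings


def audit_snapshots(snapshots, trusted=TRUSTED_ACCOUNTS):
    """Map SnapshotId -> findings, keeping only snapshots with at least one finding."""
    report = {}
    for snap in snapshots:
        findings = audit_snapshot(snap, trusted)
        if findings:
            report[snap["SnapshotId"]] = findings
    return report


if __name__ == "__main__":
    for snap_id, findings in audit_snapshots(SAMPLE_SNAPSHOTS).items():
        for sev, msg in findings:
            print(f"[{sev}] {snap_id}: {msg}")
```

On the sample, the private encrypted snapshot produces no finding, the one shared with a trusted account is flagged only for lacking encryption, the public one is flagged as critical, and the encrypted snapshot shared outside the allowlist is flagged as high; this is the "carefully considered" review of snapshot sharing that the text recommends, reduced to a repeatable check.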

Disclosure: I am a real user, and this review is based on my own experience and opinions.
2 Comments
Henry (Real User, Top Reviewer)

Cool Yusuf,

Would you please also share Security Processes in the S3 Cloud?

Thanks

Henry

11 July 13
Owner at a tech consulting company with 51-200 employees (Consultant)

Hi Henry,

We'll post something on S3 security as well soon. https://aws.amazon.com/s3/faqs/

23 August 15