“The attack didn’t seem to make a dent on Amazon.com, which is not surprising, considering Amazon’s network infrastructure”, said Paul Mutton, a security analyst at U.K., referring to a cyber attack by the hacker group Anonymous. That episode gives us a taste of data protection in the cloud with AWS.
There is the question of whether businesses should trust the cloud more than ‘old-fashioned’ servers. As for AWS, its cloud services are based on a security platform that includes Security Infrastructure, Mitigation of DDoS Attacks, Data Encryption, Inventory and Configuration, Monitoring and Registry, Identity Access Control, and Intrusion Tests.
Access to private networks and applications is controlled by integrated network firewalls in Amazon VPC. Moreover, all services rely on encryption in transit with TLS, and there are different connectivity options that allow private or dedicated connections from the office or an on-premises environment.
Auto Scaling is a service designed to launch or terminate instances and scale services automatically based on health checks, among two other criteria. In addition, Amazon CloudFront is a network of proxy servers that cache content closer to consumers.
The third technology is Amazon Route 53, the part of Amazon.com’s cloud computing platform where DNS server requests are addressed. This service redirects users to external infrastructures. Additionally, it can configure DNS status checks to redirect traffic to healthy contact points, or control the status of the application independently, among many other specific services.
Data encryption is available for several database and warehouse services. In addition, AWS has its own encryption password management, which the customer may optionally use, along with its APIs.
Inventory and Configuration is carried out by a variety of services such as Amazon Inspector, which assesses applications automatically to detect vulnerabilities in the operating system or the network. In addition, AWS Config keeps track of changes and manages them over time. You can check the docs on Amazon.com for more Inventory and Configuration tools.
AWS CloudTrail is a service that allows you to keep track of who is calling your APIs and where each call was generated. Moreover, AWS creates logs, which simplifies research and reporting. In addition, Amazon CloudWatch alerts you upon a series of events or milestones to help identify problems.
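As an added example (not AWS's code and not part of the original article), the sketch below reads records in the CloudTrail log-file layout and answers the two questions above: who called which API, and from where. The account ID, user names, IP addresses and the two flagging rules are constructed for illustration.

```python
import json
from collections import defaultdict

ACCT = "arn:aws:iam::111122223333:user/"  # made-up account ID and users
# Constructed sample in CloudTrail's {"Records": [...]} log-file layout.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"arn": ACCT + "alice"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.9", "userIdentity": {"arn": ACCT + "alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"arn": ACCT + "bob"},
     "errorCode": "AccessDenied", "responseElements": None},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "192.0.2.10", "userIdentity": {"arn": ACCT + "bob"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
]})

def _who_where(rec):
    """Caller ARN and source IP of one record, tolerating missing fields."""
    arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
    return arn, rec.get("sourceIPAddress", "unknown")

def summarize(log_text):
    """Return {caller ARN: {source IP: [event names]}} for one log file."""
    calls = defaultdict(lambda: defaultdict(list))
    for rec in json.loads(log_text).get("Records", []):
        arn, ip = _who_where(rec)
        calls[arn][ip].append(rec.get("eventName", "unknown"))
    return {arn: dict(ips) for arn, ips in calls.items()}

def findings(log_text):
    """Flag successful console logins without MFA and denied API calls."""
    out = []
    for rec in json.loads(log_text).get("Records", []):
        arn, ip = _who_where(rec)
        login_ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
        if rec.get("eventName") == "ConsoleLogin" and login_ok and mfa != "Yes":
            out.append(("console-login-without-mfa", arn, ip))
        if rec.get("errorCode") in ("AccessDenied", "Client.UnauthorizedOperation"):
            out.append(("denied:" + rec.get("eventName", "unknown"), arn, ip))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), findings(SAMPLE_LOG), sep="\n")
```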
Tools such as AWS Identity and Access Management (IAM), AWS Multi-Factor Authentication, and AWS Directory Service define individual user accounts with specific permissions to AWS resources, create accounts with defined privileges, including hardware-based authentication, and allow integration with corporate directories to reduce management overhead.
Just by filling out a form, you can have AWS perform intrusion tests on your company’s origin or destination resources.
Amazon S3 is a service used either by your company’s experts or Amazon’s experts to manage your storage.
Quoting from Amazon’s docs: “Amazon S3 uses a gossip protocol to quickly spread server state information throughout the system. This allows Amazon S3 to quickly route around failed or unreachable servers, among other things. When one server connects to another as part of processing a customer’s request, it starts by gossiping about the system state. Only after gossip is completed will the server send along the information related to the customer request.”
As stated on Amazon’s Health and Status report site, AWS “uses MD5 checksums throughout the system, for example, to prevent, detect, and recover from corruption that can occur during receipt, storage, and retrieval of customers’ objects.”
Amazon provides users with access to a dashboard organized by country or continent, specific service and city. There, they publish their “up-to-the-minute” service availability, current status and status history. You can even subscribe to an RSS feed to be notified of failures or issues. Under Status History on the same site, you can access incident logs and reports from previous years.