Gartner forecasted that cloud revenue will grow 17% from 2019 to 2020. With the increase in cloud computing, cloud security is more important than ever. Cloud consumption drastically changed in early 2020 when the workforce rapidly went remote. According to Flexera, 59% of enterprises expect cloud usage to exceed prior plans due to COVID-19. With the increase in cloud computing, cloud security is more important than ever.
In Amazon Web Services (AWS), there’s a shared security responsibility between AWS and the customer (you). Each AWS environment and service has different functions; they also have different security needs. This shared responsibility model defines the division of responsibilities between the customer and AWS, and the grouping of these responsibilities by AWS environment/service. The chart identifies where the responsibilities lie within different environments.
The Shared Responsibility Model
The chart above shows that most of the AWS customer’s accountability is for security within the cloud — like protecting the organization’s data. Conversely, AWS is typically responsible for security of the cloud, including physical security of AWS infrastructure.
Holding up the clients’ end of the bargain with the shared responsibility model is easier said than done. No matter which AWS Cloud service is used, protection of the organization’s data is always up to the organization itself. That’s a big responsibility! According to Gartner, over the next three years, “at least 95% of cloud security failures will be the customer’s fault.” However, there are actions you can take to secure your cloud infrastructure with CIS resources.
Prevent Common Cyber-Attacks
Before diving into the details such as securely configuring encryption at rest for CloudTrail logs using AWS Key Management to increase protection against unauthorized log file access, your organization should assess its overall cyber hygiene. You can measure your organization against a security best practice.
There are a variety of tools available for the task, such as CIS Controls®. This is a free, internationally-recognized set of cybersecurity best practices. Prioritized and prescriptive in nature, they are the definition of “how” to achieve basic cyber hygiene.
For organizations to use CIS Controls on AWS, we offer the CIS Controls Cloud Companion Guide outlines the four main types of cloud services and maps them to the CIS Controls: Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS), and Function as a Service (FaaS).
Secure Your Account on AWS Cloud
Whether you’re operating on-prem or in the cloud, one thing remains constant: your systems operate software and hardware under different assumed security responsibilities than what’s actually expected of you. This is one of many reasons why you should review all of your system’s configurations and implement secure recommendations, such as the CIS Benchmarks™. The CIS Benchmarks are vendor-agnostic cybersecurity configuration guidelines.
The CIS AWS Foundations Benchmark provides the security community with the account-level basics for configuring, deploying, and securing services in AWS environments with prescriptive configuration recommendations.
Secure Your VMs
Once your AWS account is secured with the CIS AWS Foundations Benchmark, the next step is to configure your virtual machine (VM). CIS Hardened Images® are pre-configured VMs built on the base image from AWS Marketplace. They’re hardened by CIS to the security configuration guidelines of the CIS Benchmarks.
CIS Shared Responsibility Model Resource
The shared responsibility model for Compliance and security provides clarity on security expectations for customers and AWS. However, an understanding of the expectation is just the first step. Users must act on these responsibilities by creating policies and procedures for their portion of cloud security.
Used together or individually, CIS Controls, CIS Benchmarks, and CIS Hardened Images can help organizations in the cloud meet the shared security responsibility more easily. In this guide, we provide a deep dive into the AWS Shared Responsibility Model and how CIS resources help meet those responsibilities.