Amazon EC2 Security Groups: The Tip of a Very Large Iceberg

The most common concern I hear from attendees when presenting Learning Tree’s Cloud Computing course is security: how secure is the cloud? The most common search terms on Google that bring visitors to this blog relate to ‘Amazon Security Groups’. With this in mind I thought it worthwhile to expand a little on Amazon AWS security, since security is a big part of Cloud Computing and something that Amazon handles incredibly well.

The primary service most people use on first contact with AWS is EC2, and as part of provisioning a server the user has to set up a security group. This is akin to configuring a simple firewall and has been detailed in a blog post by Doug Rehnstrom. What is important is that Cloud Computing users realise that this part of Cloud Security is just the tip of a very large iceberg. To secure the AWS environment Amazon has to implement a number of physical and operational security processes as well as service-specific security implementations.

When it comes to operational processes, Amazon runs a controlled environment of which risk management, certifications and accreditations, backup, monitoring and environmental safeguards are just a few elements. If we take EC2 as an example of service-specific security, multiple levels of security are required: some are implemented by Amazon and some are the responsibility of the EC2 user. Because of the virtualised environment these levels start with the host operating system, which is accessible only to Amazon administrators. Next comes the guest operating system, whose security is the responsibility of the EC2 user rather than Amazon and should include practices such as multi-factor authentication, controlled privilege escalation and certificate-based encryption. The firewall level is what the EC2 security groups configure, and again it is the responsibility of the EC2 user. Beyond the firewall there is a need for hypervisor security and instance isolation, because multiple instances share the same physical machine; this is the responsibility of Amazon.
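Because the security group is the one layer in that stack the EC2 user configures directly, here is an added example (not from the original post) of a small audit that flags rules exposing management ports to the whole Internet, with a weak group beside a hardened one. The group descriptions and IDs are constructed in the shape of `aws ec2 describe-security-groups` output, and the list of sensitive ports and the "prefix length 0 means world-open" rule are assumptions made here.

```python
import ipaddress

# Management and database ports that should not be reachable from every address (assumed list).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

def _port_range(perm):
    """Port span of one IpPermissions entry; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def _cidrs(perm):
    """Every IPv4 and IPv6 CIDR referenced by one IpPermissions entry."""
    for rng in perm.get("IpRanges", []):
        yield rng["CidrIp"]
    for rng in perm.get("Ipv6Ranges", []):
        yield rng["CidrIpv6"]

def audit_security_group(group):
    """Return one finding per rule that exposes a sensitive port to the whole Internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        lo, hi = _port_range(perm)
        exposed = [name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi]
        if not exposed:
            continue
        for cidr in _cidrs(perm):
            # A zero-length prefix (0.0.0.0/0 or ::/0) matches every address.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{group['GroupId']}: {', '.join(exposed)} open to {cidr}")
    return findings

# Constructed sample groups in describe-security-groups shape (hypothetical group IDs).
WEAK_GROUP = {"GroupId": "sg-weak0001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # allow everything
]}
HARDENED_GROUP = {"GroupId": "sg-hard0001", "IpPermissions": [
    # SSH only from the admin network; 203.0.113.0/24 is a documentation range.
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    # Public HTTPS is expected on a web server and is not flagged.
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for g in (WEAK_GROUP, HARDENED_GROUP):
        print(g["GroupId"], audit_security_group(g) or "no findings")
```

The same function can be pointed at real output by loading the JSON from `aws ec2 describe-security-groups` and iterating over its `SecurityGroups` list.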

Hopefully with this brief description you begin to appreciate that EC2 security groups are just a small part of an overall security strategy for working with EC2, which itself is a small part of AWS, and that the responsibility for security is partly Amazon's and partly the AWS user's. Once data storage requirements are added, including the different types of storage such as the Simple Storage Service (S3) and Elastic Block Storage (EBS), the number of security considerations increases. Whilst these may sound daunting, many are not unique to the Cloud Computing environment but apply to computing infrastructure in general. To help Cloud Computing adopters better understand the security requirements, Learning Tree have developed a three-day course that focuses purely on the security of Cloud Computing. If you are interested in adopting Cloud Computing it would be beneficial to attend this course to ensure your adoption strategy is secure from the beginning.
