Once upon a time, the biggest barrier to cloud adoption was security. That is no longer the case, but at the Re:Invent conference, Amazon.com unveiled two new security and compliance tools designed to make it easier for Amazon Web Services users to proactively find and fix security issues.
Organizations were originally reluctant to move their servers and applications to cloud platforms because they didn't want to run afoul of compliance requirements or commit errors that could result in a massive data breach.
To that end, AWS's new Amazon Inspector helps find vulnerabilities and other security issues; it also provides information on how to remediate those bugs and correct configuration mistakes. AWS's Config Rules, meanwhile, is designed to ease compliance concerns by telling users when specific resources have changed and are no longer compliant.
Amazon Inspector is an automated security assessment service that finds security or compliance issues on applications deployed in AWS. It analyzes the application’s behavior by monitoring the network, file system, and process activity. It correlates the information with other data, such as details of communication with AWS, use of secure channels, and network traffic between instances, to generate reports listing potential security issues.
Inspector correlates and analyzes all this information into a report, with issues grouped by severity so that users know which ones to pay attention to first. Inspector also provides advice on how to fix the problems.
The resulting report shows existing vulnerabilities in the application code or the server configuration, as well as areas where the service may be out of compliance. Inspector’s reports would be valuable for Amazon customers who find it challenging to stay abreast of changes made to their applications and servers. There have been numerous stories of developers realizing that passwords and keys were left inside configuration files when the application was deployed, and of servers being misconfigured. For businesses in heavily regulated industries such as finance and healthcare, the assessment could verify they are meeting the strict guidelines on how to store and use data.
Because Inspector is currently in preview, the only set of compliance rules it can check against is the PCI DSS 3.0 Assessment, but others will be added over time. Inspector also provides Cloud Trails, which is an audit trail indicating what issue was found, what actions were taken to address the issue, and when those actions occurred. Cloud Trails could be invaluable when working with auditors.
Users can specify the duration of the assessment and which rules -- such as best practices, compliance standards, and known vulnerabilities -- Inspector should use as part of its analysis. Along with the PCI DSS assessment, Inspector includes rules from Common Vulnerabilities and Exposures, Network Security Best Practices, Authentication Best Practices, Operating System Security Best Practices, and Application Security Best Practices.