Over the past weeks we have been reviewing the top 10 tips for securing instances running on Amazon Web Services. We walked through the critical controls as part of the AWS shared security model. As noted in these tips, host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring are critical for protecting your applications and data.
While some of these recommended tips involve configuring and tuning AWS itself, some require the use of third-party tools. So when looking for candidates for securing your cloud projects, here are five questions to ask potential vendors:
- Are newly created instances automatically recognized? One of the benefits of the cloud is also one of its biggest challenges: elasticity. Often instances are automatically created, for example, in response to increased load. If those automatic instances are not also automatically protected, you can be left vulnerable.
- Does your policy speak AWS? Not all instances are the same, and the security policy may vary depending on the type and purpose of the instance (for example, database versus web server). The policy engine needs to understand the information being served through AWS, and apply appropriate policies accordingly.
- Will I need to change my deployment process? A variety of commercial and open source deployment tools are used in managing today’s AWS deployments (RightScale, Chef, Puppet, CloudFormation, to name a few). Being required to change those processes to fit security solutions means time, expense, and the potential for something to go wrong in the deployment process.
- Can I manage my security in one place? Having to manage multiple security policies, alerts, dashboards, etc. is both time-consuming and complicated, and it increases the risk of missing key information that can impact the security of your deployment.
- Am I considered to be on the ‘bleeding edge’? It is great to be an early adopter, but not if doing so risks the security of your cloud deployment. Make sure the technology being used to secure your instances is established, and that the policy templates provided have already been proven in real-world deployments.
What challenges are you seeing in securing AWS? Let us know in the comments!
These questions highlight one of the challenges in securing AWS deployments: finding proven technology delivered in a way that takes full advantage of AWS. That’s why we are so excited to announce that our Deep Security as a Service for AWS is now available. Based on Trend Micro’s proven Deep Security product, the service runs on AWS and is specifically designed to provide the range of security capabilities to protect AWS instances. So you can set up your account and secure your AWS instances, literally in minutes.
You can check out and explore Deep Security as a Service by signing up now for a full, free trial at deepsecurity.trendmicro.com.