Leading up to AWS re:Invent 2013, I have been blogging about a hot topic – what should be on your cloud security checklist to cover off your security responsibilities when deploying in the cloud. To date, I have covered operating system and network security, data and application security, as well as the key optimizations to ensure security becomes part of your cloud architecture and operations (not a hindrance).
The final piece of the checklist – flexible options to buy and deploy
As I know you are all well aware, a great security solution will not only address technical and operational requirements, it will also align to your buying and deployment preferences.
Here are some of the comments we have heard from customers about security solutions focused on their responsibilities on AWS deployments:
- “If I prefer to buy service offerings vs. software, I want the same for security.”
- “I’m used to a pay-as-you-go model, billed on a monthly basis for my AWS environment. I want the same for security.”
- “As environment prices change, I expect security to remain a relatively stable percentage of my overall investment.”
The ability to fit your security solution to your buying and deployment preferences is the last – but definitely not the least – important requirement to add to your security checklist.
So, drum roll please… here’s the entire cloud security checklist:
For your operating systems, network, apps and data deployed on AWS, you need:
- Continuous web application scanning to detect vulnerabilities
- Boot and data volume encryption with external key management to protect data at rest and keep control of the keys
- SSL certificates to protect data-in-motion with encryption
- Intrusion Prevention with virtual patching to protect against vulnerabilities even before you patch
- Host-based bi-directional firewall to prevent unauthorized outbound communication – with logging and alerting capabilities to make it easier to manage
- File integrity monitoring to catch unauthorized system component changes
- Anti-malware with web reputation to protect against viruses and malicious URLs
To ensure that security for your deployments on AWS is easy to buy, deploy and manage, look for:
- Automated recommendations that fit your security policies to your instances to reduce effort to deploy
- The ability to leverage security policies across your hybrid environment to avoid duplicate effort
- Instant-on security to apply policies automatically as you scale your instances up and down
- The ability to automatically match the appropriate security policy to your instances
- Integration with leading cloud management tools like Chef, Puppet, and AWS OpsWorks to further embed security into operational processes
- Dashboards, reports and alerts to provide real-time visibility into your environments and enable you to focus on what is important
- Flexible billing aligned to cloud purchasing models (upfront, pay-as-you-go) and deployment (software or service) options to match your deployment and investment preferences
With the show in full swing, I hope you are having as great a time as I am! I am really enjoying hearing all the innovative uses of cloud environments and have had some fantastic discussions on how to architect with security in mind.
I hope to meet you at the show – drop by our booth (#607), or join in our sessions (TrendMicro.com/AWS) – I would love to chat more about how Trend Micro can help you meet your security responsibilities in the cloud. I also encourage you to join our Twitter chat tomorrow at 1 p.m. PST with any questions you have regarding AWS using the hashtag #TrendTalk.