Navigating the AWS evolution

Author: Ashish Rajan, Senior Security Consultant, Versent

How to take control of security and meet compliance in a complex AWS environment

Amazon Web Services (AWS), once used as a ‘testing playground’ for proofs of concept, has evolved over the last five years into a complex arena of possibilities. The conversation has changed from ‘how can I put my website on Amazon in a secure way?’ to ‘how can I move multiple things to the cloud but still make sure it’s secure?’.

Organisations previously owned only one cloud (AWS) account and asked “Is my cloud environment secure?”, “What is my security posture in cloud?”, “Is any of my sensitive information available on the internet through my cloud platform?”. As AWS usage has increased over time, organisations have come to own a multitude of AWS accounts. New complexities are being introduced, and the questions are no longer simple.

It is no longer uncommon for organisations with multiple AWS accounts to have a standalone account that is not linked to a consolidated billing account, or to have more than one consolidated billing account. With the widespread adoption of AWS across the enterprise, many IT departments are challenged by AWS account complexities, which impact cost control and optimal utilisation of their cloud infrastructure. Fear of the unknown is also stopping some users from effectively testing proofs of concept for preventing sensitive data leakage.

Initial conversations were about how to keep assets secure in AWS while enabling them to scale automatically and securely with demand. For larger organisations with multiple AWS accounts, the focus is now on compliance requirements within those accounts. Some of the larger clients have more than 40 accounts, often accompanied by a master AWS account for billing and auditing. This easily becomes a complex task to manage as you attempt to address multiple accounts a day without a tool to manage everything in one location.

To navigate through this minefield, tools like Stax can help organisations manage all their accounts in one place, removing the uncertainty and guesswork to provide full visibility so that more informed decisions can be made. These tools make understanding and managing cloud nice and simple, enabling enterprises to improve their maturity in AWS.

For many organisations, it’s key that the cloud is tangible for management and key stakeholders. A dashboard that captures all the relevant information in one place can show you whether any AWS accounts have public-facing IT assets, or whether an asset in AWS has been created outside of defined regions. This is important from a privacy perspective for government agencies, health and financial institutions. A dashboard that can also alert you when any of your AWS accounts are not meeting the compliance guidelines within your organisation will make life easier.

As AWS continues to evolve, adding new services and new features, it will create more uncertainty. A tool like Stax, which continues to evolve with AWS, will make it easier for you to navigate the AWS environment so that you’re always two steps ahead.