The efficiency and cost benefits of moving to the cloud make it appealing to security professionals, but the transition also introduces several security risks and compliance concerns. Amazon Web Services (AWS) has tried to alleviate enterprise security and compliance concerns with cloud computing by introducing a variety of services and functionality, including dedicated Elastic Compute Cloud (EC2) instances, which promise to make cloud computing safe for highly regulated companies.
This SearchCloudSecurity.com AWS security and Amazon EC2 security tutorial discusses AWS security and the basics of Amazon EC2 security, including how to secure and Amazon EC2 instances as well as strengths and weaknesses of EC2 instances from a security and compliance standpoint.
As more organizations implement virtual machine instances within Amazon’s Elastic Compute Cloud (EC2), they must take the proper steps to secure their EC2 instances.
In this tip, David Shackleford, founder and principal consultant with Voodoo Security, discusses AWS security, outlines the basics of Amazon EC2 security, as well as several steps for properly securing an Amazon EC2 instance.
In an effort to meet the stringent compliance demands of enterprises in regulated industries, Amazon came up with dedicated EC2 instances, in which a company can have dedicated, physical instances to maintain a higher level of security and compliance.
Amazon’s new dedicated EC2 instances promise to make the cloud safe for highly regulated companies, but some are skeptical if EC2 instances can really do all they promise. In this review, Joseph Granneman, CISSP, takes a closer look at Amazon’s dedicated EC2 instances, highlighting some strong areas and some areas that need improvement.
While its cost benefits and efficiency make cloud computing appealing to security professionals, concerns about the risks associated with moving into the cloud – especially the public cloud – leave security pros hesitant to make the switch. Many of the safeguards and data security controls in place within our networks today may not be present in cloud environments, and in the public cloud, there can be a lack of control and visibility into the security tools and controls within the cloud provider’s infrastructure.
However, public cloud providers are improving their security and offering more security tools and capabilities. In this tip, David Shackleford, explores the capabilities of AWS security, as well as Microsoft’s Windows Azure platform.
A new AWS cloud computing compliance whitepaper details customer responsibilities when it comes to compliance with HIPAA, GLBA and other regulations, and stresses that customers can never hand over cloud computing compliance obligations to their provider. This article provides details and expert opinion on the Amazon Web Services: Risk and Compliance document.
Core Security Technologies recently introduced a penetration testing service that companies can use to assess and test the security of their Amazon Web Services environments and cloud deployments. This news story reviews the features and capabilities of the on demand penetrating testing service.
German scientists from the Darmstadt Research Center for Advanced Security (CASED) conducted research where they looked at 1,100 public Amazon Machine Images (AMIs), determining about 30% were vulnerable to attack as a result of customers carelessly creating security vulnerabilities in many of the virtual machines they published.
This was first published in August 2011