AWS security and Amazon EC2 security tutorial

This AWS security and Amazon EC2 tutorial discusses AWS security and the basics of Amazon EC2 security, including how to secure and Amazon EC2 instances as well as strengths and weaknesses of EC2 instances from a security and compliance standpoint.

Editor's Note: New Amazon Web Services security features continously emerge over time as cloud security changes....

Read what organizations should know about new AWS security products that accommodate these security updates.

The efficiency and cost benefits of moving to the cloud make it appealing to security professionals, but the transition also introduces several security risks and compliance concerns. Amazon Web Services (AWS) has tried to alleviate enterprise security and compliance concerns with cloud computing by introducing a variety of services and functionality, including dedicated Elastic Compute Cloud (EC2) instances, which promise to make cloud computing safe for highly regulated companies.

This AWS security and Amazon EC2 security tutorial discusses AWS security and the basics of Amazon EC2 security, including how to secure and Amazon EC2 instances as well as strengths and weaknesses of EC2 instances from a security and compliance standpoint.

Amazon EC2 security: securing an EC2 instance

As more organizations implement virtual machine instances within Amazon’s Elastic Compute Cloud (EC2), they must take the proper steps to secure their EC2 instances.

In this tip, David Shackleford, founder and principal consultant with Voodoo Security, discusses AWS security, outlines the basics of Amazon EC2 security, as well as several steps for properly securing an Amazon EC2 instance.

Are dedicated Amazon EC2 instances enough for compliance?

In an effort to meet the stringent compliance demands of enterprises in regulated industries, Amazon came up with dedicated EC2 instances, in which a company can have dedicated, physical instances to maintain a higher level of security and compliance.

Amazon’s new dedicated EC2 instances promise to make the cloud safe for highly regulated companies, but some are skeptical if EC2 instances can really do all they promise. In this review, Joseph Granneman, CISSP, takes  a closer look at Amazon’s dedicated EC2 instances, highlighting some strong areas and some areas that need improvement.

Public cloud security: AWS security and Microsoft Azure

While its cost benefits and efficiency make cloud computing appealing to security professionals, concerns about the risks associated with moving into the cloud – especially the public cloud – leave security pros hesitant to make the switch. Many of the safeguards and data security controls in place within our networks today may not be present in cloud environments, and in the public cloud, there can be a lack of control and visibility into the security tools and controls within the cloud provider’s infrastructure.

However, public cloud providers are improving their security and offering more security tools and capabilities. In this tip, David Shackleford, explores the capabilities of AWS security, as well as Microsoft’s Windows Azure platform.

AWS cloud computing compliance paper details customer responsibilities

A new AWS cloud computing compliance whitepaper details customer responsibilities when it comes to compliance with HIPAA, GLBA and other regulations, and stresses that customers can never hand over cloud computing compliance obligations to their provider.  This article provides details and expert opinion on the Amazon Web Services: Risk and Compliance document.

Core Security launches penetration testing service for AWS security

Core Security Technologies recently introduced a penetration testing service that companies can use to assess and test the security of their Amazon Web Services environments and cloud deployments. This news story reviews the features and capabilities of the on demand penetrating testing service.

AWS customers open door to cloud computing security threats

German scientists from the Darmstadt Research Center for Advanced Security (CASED) conducted research where they looked at 1,100 public Amazon Machine Images (AMIs), determining about 30% were vulnerable to attack as a result of customers carelessly creating security vulnerabilities in many of the virtual machines they published.

Next Steps

Amazon launches U.S. government cloud to meet regulatory requirements of U.S. government agencies and support ITAR compliance requirements.

Eli Lilly walked away from using Amazon Web Services after failing to come to terms over legal indemnification issues.

Dig Deeper on Public Cloud Computing Security