With the advent of Amazon Web Services (AWS), credit unions across the country have chosen Amazon’s platform as their preferred outsourced data center host. Many are using AWS to host their servers and data or to build web applications – and AWS is quickly becoming one of the largest organizations responsible for sensitive data.
As we’ve seen with every cyber criminal trend, attackers generally select their targets based on where the most sensitive data is. With so much critical data hosted by AWS, I can imagine we’re going to see heightened attack levels against these servers – both in quantity and sophistication.
Luckily, there’s a lot credit unions can do to ensure Amazon is taking the proper measures to keep their data secure.
· It starts with having a good vendor management program in place. As you would with any other vendor, request a SOC report and have a qualified member of your security staff review it for your organization. Make sure Amazon and other vendors are holding up their end of security.
· Don’t assume security is managed by Amazon and make sure you understand your institution’s responsibilities for security as an AWS customer. For example, MFA and encryption are not turned on by default. These are protections you, the customer, are responsible for enabling.
· Ensure AWS accounts are managed securely. Concepts like role-based access, least privilege and account reviews all still apply in AWS.
· Turn on monitoring and event logging, using services like CloudTrail. Enabling logging for S3 buckets, file validation, etc. across geographic regions will give you a fighting chance at identifying nefarious activity.
· Lastly, you not only want to make sure your data is safe, but available whenever you need it. Use SLAs to ensure there are minimal service disruptions. This way, if there is a disaster, your data is not unavailable for long.
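An added example, not from the original post: a short Python check for two of the settings named above, console users without MFA and CloudTrail trails that lack multi-region coverage or log file validation. The sample inputs are constructed; they follow the shape of `aws cloudtrail describe-trails` output and a subset of the IAM credential report columns, and the function names are hypothetical.

```python
import csv
import io
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
SAMPLE_TRAILS = json.dumps({"trailList": [
    {"Name": "org-trail", "S3BucketName": "cu-audit-logs", "HomeRegion": "us-east-1",
     "IsMultiRegionTrail": True, "LogFileValidationEnabled": True},
    {"Name": "dev-trail", "S3BucketName": "cu-dev-logs", "HomeRegion": "us-west-2",
     "IsMultiRegionTrail": False, "LogFileValidationEnabled": False},
]})

# Constructed sample using a subset of the IAM credential report CSV columns.
SAMPLE_CREDENTIAL_REPORT = """user,password_enabled,mfa_active,access_key_1_active
<root_account>,not_supported,false,false
alice,true,true,false
bob,true,false,true
svc-backup,false,false,true
"""

def audit_trails(describe_trails_json):
    """Return findings for trails that are single-region or lack file validation."""
    trails = json.loads(describe_trails_json).get("trailList", [])
    if not trails:
        return ["no CloudTrail trail is configured"]
    findings = []
    if not any(t.get("IsMultiRegionTrail") for t in trails):
        findings.append("no trail covers all regions")
    for t in trails:
        if not t.get("LogFileValidationEnabled"):
            findings.append(f"{t['Name']}: log file validation is off")
        if not t.get("IsMultiRegionTrail"):
            findings.append(f"{t['Name']}: records only {t.get('HomeRegion')}")
    return findings

def audit_mfa(credential_report_csv):
    """Return users who can sign in to the console but have no MFA device."""
    findings = []
    for row in csv.DictReader(io.StringIO(credential_report_csv)):
        is_root = row["user"] == "<root_account>"
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append(row["user"])
    return findings

if __name__ == "__main__":
    for line in audit_trails(SAMPLE_TRAILS):
        print("CloudTrail:", line)
    for user in audit_mfa(SAMPLE_CREDENTIAL_REPORT):
        print("No MFA:", user)
```

Service accounts with no console password, such as `svc-backup` in the sample, are skipped by the MFA check; their access keys fall under the account reviews mentioned above.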