According to data collected from an analysis of millions of resources across hundreds of customers, human configuration errors that may expose cloud resources are increasingly common. The potential impact can be significant. Everyone needs to play their part in managing the risks, but first, you need to understand what risks need to be managed. We’ve distilled our customer experiences into the five most commonly made errors. In this session, we explain how to best avoid these errors and discuss what their potential impacts are.
3. 49% of organizations leave their databases unencrypted
• Encrypt, encrypt, encrypt!
• Encryption of Amazon S3 buckets allows that data to remain untampered with and valid for audits down the road
• Encryption of RDS protects information even if databases are compromised or copied in a malicious manner
4. 41% of account access keys have not been rotated in more than 90 days
• Rotate Keys Regularly
• Rotate ALL credentials, passwords, and API Access Keys on a regular basis
5. 32% of organizations publicly exposed at least 1 Amazon S3 bucket
• Don’t let your Amazon S3 bucket policies atrophy
• Strengthen Amazon S3 buckets with either IAM Policies, Amazon S3 Bucket Policies, or Amazon S3 Access Control Lists
6. 29% of organizations enable root user activities
• Disable Root Account API Access Key
• Create IAM admin users. At least 2, no more than 3 per IAM group
• Grant access to billing information and tools
• Disable/Remove the default AWS root user API access keys
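The 90-day rotation check from slide 4 and the root access key check from slide 6 can both be run against an IAM credential report. The following is an added example, not part of the original slides: the column names follow the IAM credential report CSV, while the users, dates and account ID in the sample are constructed.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # rotation threshold quoted on the slide

# Constructed sample in the IAM credential report CSV layout (columns trimmed
# to the ones used here; a real report has more). All users are made up.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,true,2023-01-10T08:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-01T12:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2023-11-20T09:30:00+00:00,true,2024-04-15T10:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,false,2022-02-02T00:00:00+00:00,false,N/A
"""


def audit_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, reason) findings for active access keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active", "false").lower() != "true":
                continue  # inactive or absent keys cannot be used
            if row["user"] == "<root_account>":
                # Any active root key is a finding, whatever its age.
                findings.append((row["user"], slot, "root access key is active"))
                continue
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated in ("N/A", ""):
                findings.append((row["user"], slot, "rotation date unknown"))
                continue
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_age_days:
                findings.append((row["user"], slot, f"not rotated in {age} days"))
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result on every run.
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, slot, reason in audit_access_keys(SAMPLE_REPORT, as_of):
        print(f"{user} key {slot}: {reason}")
```

To run it against a real account, pass the decoded CSV of that account's credential report and `datetime.now(timezone.utc)` instead of the sample values.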
7. 27% of organizations leave default network settings for at least 1 account
• Always lock down the IP and port from which you will gain access to your AWS environment
• Only turn on access when it is needed, and turn it off again once administrative work has been accomplished