Last Updated on February 10, 2023
AWS has an almost bewilderingly rich assortment of security tools and capabilities, with new features being added constantly. What are the most important “foundational” features that almost every AWS user should embrace?
To share his in-depth knowledge of AWS security best practices with business leaders, Temi Adebambo, Head of Security Solutions Architecture at Amazon Web Services (AWS), joined a recent episode of The Virtual CISO Podcast. The show’s host is John Verry, Pivot Point Security CISO and Managing Partner.
Start with the AWS Security Reference Architecture
Temi thinks of the AWS security “slew of services” as akin to Lego blocks. Amazon gives you all these Legos and you can do whatever you want with them! But along with all that creativity and innovation comes a need for some prescriptive guidance.
“Oftentimes, I send customers to start with our AWS Security Reference Architecture,” Temi reports. “That is a set of prescriptive guidance that we have published that gives you a good starting point. [Especially] for anyone who’s new and just trying to figure out, ‘How should I build this?’”
The most critical services to turn on
Regarding individual AWS services to enable in your environment, Temi recommends, “The service you want to turn on the moment you’re running AWS is Amazon GuardDuty.”
This threat detection service continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed findings, even within containers.
“GuardDuty is the native AWS threat detection service that pulls in some of the key AWS logs and also gets feeds from our internal and external threat intel and combines that with machine learning,” Temi summarizes. “It will also highlight setting configurations as risky when they occur.”
Besides GuardDuty, the next most important service in Temi’s view is AWS Security Hub, a cloud security posture management tool that gives you a comprehensive view of your security status in AWS.
“Security Hub enables you to pull in all those alerts and findings from GuardDuty along with all the other third-party providers you might have for security, whether it’s Tenable or endpoint protection like CrowdStrike, as well as the identity side of the house,” validates Temi. “We also have a bunch of benchmarks in there if you need to abide by specific compliance checks.”
Security Hub also helps teams compare their security posture to best practices to identify quick security wins. What’s more, you can centrally monitor dozens or hundreds of AWS accounts around the globe through a single Security Hub dashboard if desired.
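Both GuardDuty and Security Hub are enabled per region, so an account can look covered in the region the team uses while another region has neither service running. The audit below is an added example (not code from the podcast or from AWS): it assumes boto3-style clients and takes a client factory so the logic can be exercised without AWS access.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass
class RegionStatus:
    region: str
    guardduty_enabled: bool
    securityhub_enabled: bool

def _error_code(exc: Exception) -> str:
    # botocore's ClientError keeps the service error code in exc.response; reading it
    # this way keeps the audit logic importable without boto3/botocore installed.
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")

def guardduty_enabled(gd) -> bool:
    """True if the region has at least one GuardDuty detector in ENABLED state."""
    ids = gd.list_detectors().get("DetectorIds", [])
    return any(gd.get_detector(DetectorId=d)["Status"] == "ENABLED" for d in ids)

def securityhub_enabled(sh) -> bool:
    """Security Hub has no 'is it on' call; describe_hub() raises InvalidAccessException
    in a region where it was never enabled, so treat exactly that error as 'off'."""
    try:
        sh.describe_hub()
        return True
    except Exception as exc:
        if _error_code(exc) == "InvalidAccessException":
            return False
        raise  # throttling, missing IAM permissions etc. are real failures, not 'off'

def audit_regions(regions: List[str], client_factory: Callable[[str, str], object]) -> List[RegionStatus]:
    """client_factory(service, region) returns an API client: boto3.client in production,
    a fake in tests."""
    return [RegionStatus(r, guardduty_enabled(client_factory("guardduty", r)),
                         securityhub_enabled(client_factory("securityhub", r)))
            for r in regions]

def gaps(statuses: List[RegionStatus]) -> Dict[str, List[str]]:
    """Regions where a foundational service is off, keyed by service name."""
    return {"guardduty": [s.region for s in statuses if not s.guardduty_enabled],
            "securityhub": [s.region for s in statuses if not s.securityhub_enabled]}

if __name__ == "__main__":
    import boto3  # imported here so the checks above have no AWS dependency
    ec2 = boto3.client("ec2", region_name="us-east-1")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    for svc, missing in gaps(audit_regions(regions, boto3.client)).items():
        print(f"{svc}: {'missing in ' + ', '.join(missing) if missing else 'enabled in all regions'}")
```

Run it with credentials that allow `guardduty:ListDetectors`, `guardduty:GetDetector`, `securityhub:DescribeHub` and `ec2:DescribeRegions`; any region listed under a service is one where the foundational coverage the podcast recommends is missing.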
Other must-use services
Temi puts two other services, AWS Identity and Access Management (IAM) and AWS Key Management Service (KMS), in the category of "not even optional." Every AWS user needs IAM and key management, and using non-integrated services (or, even worse, nothing) would rarely make sense from a best-practice viewpoint.
“I strongly recommend data protection and encryption in the cloud,” emphasizes Temi. “Not that Amazon is going to look at your data or anything. But you want to make sure that your data, when in transit and at risk, is encrypted and you’re managing permissions to those.”