The ability to protect and safeguard data in the cloud is critical to meet mission requirements and deliver satisfactory business outcomes. Cloud platforms such as AWS offer powerful set of features and safeguards to help users stay safe and ensure the confidentiality, integrity and availability of their information. Critical services such s3, rds, vpc, elb, ebs and others available in AWS Ec2 provide a powerful policy-driven security framework that many organizations don’t fully understand and is one of the top reasons for vulnerabilities to be introduced into the system. The table below shows the results of a recent scan performed by stackArmor’s Security and Compliance team for a Financial Services and Payroll SaaS Provider getting ready for a SOC 2 assessment. The table below shows a small subset of the vulnerability assessment findings that a simple scan can deliver.
| AWS Cloud Component | AWS Service Item | Severity Score | Finding | stackArmor Comment |
| policy | PowerUserAccess | 10 | Managed Policy contains NotAction. | NotAction combined with an “Effect”: “Allow” often provides more privilege than is desired. |
| iamuser | myIAM@ACME.com | 10 | IAM User has full admin privileges. | Review this user as he has full admin privilages. Its recommended to provide Admin access via groups rather than assigning individually. |
| s3 | elasticbeanstalk-us-east-1-xnxnxnxxx240 | 10 | ACL – Unknown Cross Account Access. | Review this service as it has cross account access. |
| securitygroup | Webserver (sg-fexxxaaab in vpc-9aaa9999) | 10 | Security Group ingress rule contains 0.0.0.0/0 | Security Groups should be configured in point to point mode and not be left open. This SG is is opening 1024 ports and causing High vulnerability. |
For organizations with sensitive data and a regulatory mandate to comply with continuous monitoring and vulnerability management mandates, it is essential to make sure that best practices are followed and the configurations be monitored on a continuous basis. Here are some helpful steps that organizations can take to protect their data.
- Create a security framework for continuous monitoring and compliance for the cloud environment that incorporates a “full-stack” approach.
- Develop a Continuous Monitoring “ConMon” artifact that captures and reports findings and their remediation status on a periodic basis.
- Provide continuous education and awareness of the need to protect the data and follow security best practices.
stackArmor has developed an easy to understand and implement cybersecurity framework called ARM that helps organizations quickly understand their vulnerabilities and risks. Also, stackArmor ThreatAlert is an easy to use light weight AWS cloud security vulnerability scanning service that rapidly identifies misconfigurations. Review some our blogs on how you can protect your AWS or AWS GovCloud hosted environments.
https://stackarmor.com/solutions-2/stackarmor-threatalert/
https://stackarmor.com/vulnerability-management-and-penetration-testing-on-aws-cloud/
