If You’re Going to Do It… Be Safe!

Brian Wood Blog

If you’re going to have AWS then you might as well practice safe AWS.

Summary article by in FierceITSecurity; original posted on Porticor.

Emphasis in red added by me.

Brian Wood, VP Marketing


Infographic: Top cloud security mistakes made by AWS users

Many Amazon Web Services (AWS) users lose control of their data by giving up control of their encryption keys to Amazon or a third party, warns Gilad Parann-Nissany with cloud security provider Porticor.

This is definitely not the best practice and compromises their data and their compliance with regulations like HIPAA and PCI. The way to take advantage of the many benefits of AWS while maintaining control of data is with the split key encryption and homomorphic key management,” Parann-Nissany explains in an infographic prepared by Porticor.

Engin Kirda with Northeastern University and malware protection firm Lastline says that the biggest mistake AWS users make is failing to delete sensitive information like passwords and credentials before creating and sharing virtual images.

Dwayne Melancon with cybersecurity firm Tripwire says leaving AWS login credentials in public readable scripts is a “huge” security mistake. “Automation is your friend, but some customers pass login credentials in plain text in scripts. Automation is fast–don’t let it accelerate hackers’ ability to own your AWS account!”

Fourteen other cloud security experts share their insights on cloud security mistakes that AWS customers make when protecting their data and apps. A full-size version of the infographic can be seen by here.