LAS VEGAS – Amazon launched a new API for audit logging this week but enterprises want more as they continue to...
prioritize cloud security.
Many Amazon Web Services (AWS) use careful configuration practices and often, third-party tools to ensure their data is safe in the public cloud.
Mobile phone provider Vodafone Australia stores customer data in AWS' Elastic Compute Cloud (EC2) and is comfortable doing so because of a combination of tools from security software providers Trend Micro Inc. and Xceedium, Inc., along with Amazon’s native security groups feature, according to presenters from the company at the AWS re:Invent conference here this week.
Traditional security methods are not the best fit for the cloud, according to a portion of the presentation delivered by Phil Schulz, agile project manager for the company. But with the right planning, Vodafone officials said they trust their AWS deployment as much or more than their on-premises infrastructure.
As a first step, Vodafone set up multiple virtual private clouds (VPC), including a separate VPC for security tools to operate in. Vodafone also picked Trend Micro’s Deep Security tool, which is integrated with AWS APIs, as a centralized point of visibility into the VPCs where the company’s business units operate. A Deep Security agent is ‘baked in’ to every Amazon Machine Image (AMI) deployed by the company using Opscode Chef recipes.
The Chef-based automation of Deep Security deployment is key to maintaining the automation and elasticity inherent in cloud computing, Vodafone officials said, and it offers traffic auditing, which the company considers crucial to cloud security.
“Network and vulnerability scans paint the real picture,” said Roshan Vilat, solution architect for Vodafone.
Vodafone also uses Amazon’s Security Groups to wall off AMIs within the VPCs, and built its own firewall service as the outer ‘shell’ of protection regulating intra-VPC communications.
Finally, Xceedium’s Xsuite tool offers privileged access management for end users who access the cloud, and the company uses Splunk to analyze log data for possible security breaches – this in turn is connected to the company’s helpdesk ticketing system to quickly resolve problems.
“Even if you think everything is right, always test, test, test,” Vilat added.
AWS launches CloudTrail API for cloud security
In keeping with the cloud security theme at the conference, Amazon launched a new API for audit logging, dubbed CloudTrail.
It stores logs of all API calls made on EC2 in the Simple Storage Service (S3) object store or Glacier archive storage. These logs can then be analyzed by third-party tools like Loggly, Splunk, and Sumo Logic, among others.
While it delivers an important capability, CloudTrail may not go far enough.
“One of the problems we’ve had with moving things to the cloud is [a lack of] audit trails,” said Grant Young, director of IT technology for a large textbook publisher in the Northeast. “It’s one of the biggest issues preventing companies from going to the cloud.”
Another attendee said he’d rather see Amazon provide the log correlation and analysis rather than relying on partners.
“I’d like to see something like that built in,” said the director of technology for an ecommerce company. “That would help me more than knowing what the API did.”