November 24, 2016 / by Ben Lloyd AWS, Security, Encryption
Protecting your data with AWS Encryption
Cloud services like AWS from Amazon are, by design, incredibly secure. Each of their vast Cloud data centres is protected by cutting edge security systems that are being constantly monitored and updated to block the latest threats and attacks launched by cybercriminals.
But the reality is that no IT system has ever been designed that is completely hack proof. Any kind of computer system attached to the Internet is vulnerable to attack, and Amazon’s data centres are a particularly attractive target for cyber thieves. With thousands of clients storing all manner of valuable intellectual property on AWS servers, criminals are likely to spend significant time and resources trying to breach the security perimeter.
Sometimes the worst does happen
For all its simplicity of use, Amazon Cloud billing is quite complex. If you remember nothing else, hold on to the fact that EC2 use is billed according to the number of hours use Amazon AWS has been compromised in the past – even if those breaches were part of a proof-of-concept like this example. So when it comes to preparing your business systems for the Cloud, you need to have a system in place that is prepared for the very worst case scenario – a successful hacking.
Encryption at rest
This is where encryption comes into play. As your files are written into AWS storage, they are also encrypted, making them completely unreadable without the relevant decryption key. This is known as “encryption at rest” – the files remain encrypted until you need them. Only authorised users entering the system through the official channels can access the relevant decryption routines.
This means that if hackers do find a way into your AWS instances via a backdoor, and steal your data, they will not be able to do anything with the information. The chances of breaking the encryption on files they do steal are very, very low. Your data remains secure even if you are hacked.
Encryption in transit
Criminals aren’t just interested in attacking AWS data centres to steal your information though – many will try and intercept files being transferred between your computers and the Cloud. Again, encryption comes to the rescue.
Amazon employ TLS – a form of encryption similar to that used on ecommerce websites – to encrypt data in transit. Again, if cybercriminals do intercept your files, they will be unable to do anything with them. The data is completely unreadable without the relevant decryption key.
Reducing your security overheads
With so much encryption employed in the Cloud, you can focus your resources and efforts on improving security inside your network. This may or may not involve encryption of PC and laptop hard drives depending on your security strategy, but it does mean that your own IT security overheads are much easier to manage. It is far simpler to oversee your PC and laptops without having to worry about servers too.
Best of all, these cutting edge technologies are included as standard in your Cloud subscription. So your data is protected against theft at no extra cost.
To learn more about AWS, encryption, and how your data is safer in the Cloud, please get in touch.
