CLOUD computing is not new. However, many are still hesitant about the benefits of using the on-demand computing services provided by cloud providers.
Amazon Web Services (AWS) senior security architect Kimberly Chow shares how cloud services help organisations optimise their security posture.
IMPROVING SECURITY POSTURE?
The security posture of an organisation reflects its baseline cybersecurity readiness and how it can predict, prevent and respond to ever-changing cyber threats.
Today, says Chow, many organisations establish a security foundation using technology-agnostic risk management frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, to understand their organisation's current capabilities, set goals and develop a plan to improve and maintain their security posture.
"However, organisations still need the right model to optimise security outcomes in the cloud. AWS has developed two tools, the AWS Cloud Adoption Framework and AWS Well-Architected Framework, to help organisations adapt their security programme for the cloud," she said.
DATA REGULATORY UPDATED
Malaysia, just like many other countries, has its own set of data sovereignty rules, and since early last year, it has started regulating the provisioning of cloud services under the light-touch regulation of the Communication and Multimedia Act 1998.
The Act seeks to increase consumer data protection, as well as allow industry players to participate in the development of regulatory instruments such as technical codes and standard operating procedures on data security protections based on international benchmarks.
The regulation of cloud services will support the government's aspirations on MyDigital, as Malaysia is moving towards a cloud-first strategy and 80 per cent of public data will be migrated to a hybrid cloud environment.
"From a security governance perspective, AWS has services that assist organisations to centrally manage and govern their environment as they grow and scale their resources, provide a comprehensive view of the security state and compliance with security standards and best practices, as well as enable organisations to assess, audit and evaluate the configurations of AWS resources," said Chow.
CLOUDS DO THE HEAVY LIFTING
In the past, encryption was taxing for an organisation to achieve.
"Not only do you require the skill sets to manage your cryptographic tools, but you also require a significant amount of investment in terms of hardware, such as hardware security modules, to ensure high availability and durability," said Chow.
However, with the move to the cloud, organisations can perform strong encryption on their data at rest and in transit by using highly durable, secure services.
"Organisations can leave the heavy lifting in terms of infrastructure to the cloud, and they can focus on building the right encryption strategies within the organisation," she said.
MITIGATING SECURITY BREACHES
Security breaches are usually caused when an intruder is able to bypass security mechanisms and controls.
Beyond the usual exploit, social engineering and malware types of attacks, security breaches can also be caused by simple misconfigurations of policies, assets and resources that may ultimately lead to the unintended exposure of critical information and assets.
According to Chow, as a cloud provider, AWS provides sophisticated tooling that helps customers identify, protect, detect and respond to security breaches and misconfigurations.
"With AWS, chief information officers can use tools like AWS Config and resource tagging to see exactly what cloud assets their company is using at any moment.
"No more hidden servers under the desk or anonymously placed servers in a rack plugged into the corporate network."
HIGH SECURITY COMPLIANCE
The Department of Statistics Malaysia (DOSM) collects national economic and social statistics, and has become the first federal agency to migrate to AWS.
One primary reason DOSM chose to migrate to AWS is to meet and surpass government information technology security governance guidelines.
"To prevent brute-force attacks, DOSM uses a service that protects applications from common web exploits. Developers and operators are able to securely access the AWS environment through AWS Client VPN, a fully managed remote-access VPN solution," said Chow.
"DOSM also needed to run its e-learning solution, MySUL, as efficiently and securely as possible. Working with IPSB, DOSM began using automatic scaling in Amazon CloudFront to reduce its hosting workload and operational costs.
"DOSM uses Amazon CloudFront to cache the hosting for its on-premises MySUL web server.
"It also uses the AWS Certificate Manager, a service for provisioning, managing and deploying public and private Secure Socket Layer or Transport Layer Security certificates, to manage the secure socket layer for MySUL."
Another example cited by Chow is that of the Department of Polytechnic and Community College Education Curriculum Information Document Online System, which, according to her, is the largest integrated cloud-based education platform in Malaysia's public sector, delivering a full year of academic curriculum online for over 150,000 students.
She said the IT team focused on AWS' benefits around data security as a core element to obtain approvals for the migration of the Malaysian Administrative Modernisation and Management Planning Unit, which oversees the appointments of cloud service providers for government agencies."
"With comprehensive services and features that enable customers to meet the highest security and compliance requirements, AWS can empower customers to move at the speed necessary to have an impact. As always, customers must adhere to applicable security and privacy laws in their jurisdictions."
