Cloud adoption has grown rapidly over the years; 94% of enterprises already use the cloud.

Cloud users have historically fallen into two main camps:

  1. Those who were skeptical of the security of the public cloud in the first place.
  2. Those who believe that the public cloud takes care of all security aspects automatically, i.e., that public clouds are inherently secure.

While camp #1 has shrunk, camp #2 appears to have grown. In many conversations with startups and other customers, we have heard the belief that an AWS environment is inherently secure and that nothing needs to be done from a security angle. Nothing could be further from the truth.

Since its inception, AWS has described a Shared Responsibility Model for security and compliance. For Infrastructure as a Service (IaaS) offerings, customers own a greater share of the security responsibilities than for Platform as a Service (PaaS) offerings, where customers are mainly responsible for their data. For example, if a customer is using Elastic Compute Cloud (EC2) instances, they are responsible for managing the guest operating system (including patches and security updates), any applications or utilities installed on those instances, and so on.

The AWS Well-Architected Framework is another excellent tool from AWS to help customers align with cloud security best practices. It consists of five pillars:

  1. Operational Excellence Pillar
  2. Security Pillar
  3. Reliability Pillar
  4. Performance Efficiency Pillar
  5. Cost Optimization Pillar

Let us dive deeper into the Security Pillar. It is composed of five areas:

  1. Identity and Access Management
  2. Detection
  3. Infrastructure Protection
  4. Data Protection
  5. Incident Response

Given that many AWS customers still run their workloads on EC2, let us look more closely at Infrastructure Protection. It is further broken into two parts: Protecting Networks and Protecting Compute. Under “Protecting Compute” for EC2 workloads, customers are strongly advised to perform vulnerability management. Here is an excerpt from the AWS documentation:

Frequently scan and patch for vulnerabilities in your code, dependencies, and in your infrastructure to help protect against new threats.

It is important to note that AWS recommends a holistic approach to vulnerabilities at every level: code, dependencies and infrastructure (EC2 instances and containers). Let us look at each of these in more detail below:
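As an added illustration of the dependency-level check the AWS excerpt calls for (this is example code written for this page, not code from the original post, from AWS, or from ThreatWorx), the script below compares a software inventory against a list of advisories. The inventory, the package names and the advisory identifiers (ADV-000x) are all constructed placeholders, not real packages or CVEs. It also shows the one mistake that makes such checks unreliable: comparing version strings lexically, where "1.10.0" sorts before "1.9.0" and a patched host is wrongly flagged while a vulnerable one can slip through.

```python
"""Toy dependency-inventory check against a constructed advisory list.

An inventory of (package, installed version) pairs is matched against
advisories that give the affected range and the version that fixes it.
All data here is constructed sample data; ADV-000x ids are placeholders,
not real CVE numbers, and this is not any real scanner's logic.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str           # placeholder id such as "ADV-0001" (constructed)
    package: str
    introduced: Optional[str]  # first affected version; None = every earlier version
    fixed_in: str              # first version that is no longer affected
    severity: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.10.2' into (1, 10, 2) so each component compares numerically.

    A non-numeric suffix such as '-beta' is dropped by this toy parser.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is older than version b.

    Components are padded with zeros so '2.3' and '2.3.0' compare equal,
    and the numeric tuples avoid the lexical trap where '1.10.0' < '1.9.0'.
    """
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def is_affected(installed: str, adv: Advisory) -> bool:
    """Affected if introduced <= installed < fixed_in (introduced may be open)."""
    if adv.introduced is not None and version_lt(installed, adv.introduced):
        return False  # older than the first affected release
    return version_lt(installed, adv.fixed_in)  # fixed_in and later are clean


def find_vulnerable(inventory: List[Tuple[str, str]], advisories: List[Advisory]):
    """Return (package, installed, advisory_id, fixed_in, severity) for each hit."""
    findings = []
    for package, installed in inventory:
        for adv in advisories:
            if adv.package == package and is_affected(installed, adv):
                findings.append((package, installed, adv.advisory_id,
                                 adv.fixed_in, adv.severity))
    return findings


# Constructed sample inventory, as a package manager might report it.
SAMPLE_INVENTORY = [
    ("libfoo", "1.10.0"),
    ("libbar", "2.3"),
    ("libbaz", "0.9.1"),
    ("libqux", "4.0.0"),
]

# Constructed sample advisories with placeholder ids.
SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "libfoo", None, "1.9.0", "high"),      # 1.10.0 is already fixed
    Advisory("ADV-0002", "libbar", "2.0", "2.3.1", "critical"), # 2.3 lies in [2.0, 2.3.1)
    Advisory("ADV-0003", "libbaz", "1.0", "1.0.4", "medium"),   # 0.9.1 predates the bug
    Advisory("ADV-0004", "libqux", None, "4.0.0", "low"),       # 4.0.0 is the fixed release
    Advisory("ADV-0005", "libqux", None, "4.1", "high"),        # 4.0.0 still affected
]


if __name__ == "__main__":
    for package, installed, adv_id, fixed_in, severity in find_vulnerable(
            SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{package} {installed}: {adv_id} ({severity}), upgrade to {fixed_in}")
```

Run against the sample data, only libbar 2.3 and libqux 4.0.0 are reported; libfoo 1.10.0 is correctly left alone even though a string comparison would have placed it "below" the 1.9.0 fix. Real inventories and advisory feeds are far messier (epochs, distro-specific backports, pre-release tags), which is why production scanners carry much larger version-parsing logic than this toy.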

ThreatWorx can help with all of the above, and in a completely non-invasive, scan-less and agent-less manner. ThreatWorx also aids in the following: