This document summarizes the top 5 security errors found in customer research and breach analysis from July to October 2018. It finds that 49% of organizations leave databases unencrypted, 41% do not rotate account access keys regularly, 32% publicly expose Amazon S3 buckets, 29% enable root user activities, and 27% leave default network settings open. It then discusses why there are so many errors, including disparate point security products, and proposes an effective cloud security approach with integrated requirements across visibility, configurations, compliance, runtime security, and more.
1. Top 5 Security Errors and How to Avoid Them
Fred Meek
Manager, Systems Engineering
2. Key findings based on customer research and breach analysis
July – October 2018
3. 49% of organizations leave their databases unencrypted
• Encrypt, encrypt, encrypt!
• Encryption of Amazon S3 buckets allows that data to remain untampered with and valid for audits down the road
• Encryption of RDS protects information even if databases are compromised or copied in a malicious manner
4. 41% of account access keys have not been rotated in more than 90 days
• Rotate Keys Regularly
• Rotate ALL credentials, passwords, and API Access Keys on a regular basis
5. 32% of organizations publicly exposed at least 1 Amazon S3 bucket
• Don’t let your Amazon S3 bucket policies atrophy
• Strengthen Amazon S3 buckets with either IAM Policies, Amazon S3 Bucket Policies, or Amazon S3 Access Control Lists
6. 29% of organizations enable root user activities
• Disable Root Account API Access Key
• Create IAM admin users. At least 2, no more than 3 per IAM group
• Grant access to billing information and tools
• Disable/Remove the default AWS root user API access keys
7. 27% of organizations leave default network settings for at least 1 account
• Always lock down the IP and port from which you will gain access to your AWS environment
• Only turn on access when it is needed and off again once administrative work has been accomplished