Centrify has released a whitepaper on who is responsible for security when moving to an AWS infrastructure. While some layers of the infrastructure are secured by AWS, customers remain responsible for securing certain layers themselves.
According to Centrify’s whitepaper, Amazon’s Shared Responsibility Model clearly states which party is responsible for which part of security and details six best practices for security on AWS.
The most common practice is extending the common security model: conventional security and compliance concepts still apply in the cloud, and by leveraging their processes and technologies, organizations and companies can minimize the time and resources required to reach a certain security level. Organizations also need to consolidate identities by using existing identities rather than creating additional local AWS user accounts and Access Keys.
One of the key security practices is accountability, achieved by using individual accounts rather than shared anonymous accounts. Another is least privilege access, which allows just enough privilege to complete a certain task.
As always, every user session to Amazon EC2 instances, authorized or unauthorized, needs to be logged and monitored, and the use of multi-factor authentication (MFA) is a must, which will both increase security and prevent attackers from using compromised credentials.
You can check out the full whitepaper with plenty of other details directly from Centrify.