Rackspace and Alert Logic, a security, compliance and threat management company, have launched an Amazon Web Services (AWS) security review program for small and medium-sized businesses (SMBs). The program allows SMBs to analyze the configurations of their AWS environments against AWS CIS Foundations Benchmarks and measure their performance against AWS reviews.
Program participants can use Alert Logic's managed detection and response (MDR) solution to evaluate the security of their AWS environments and review the results of an AWS security assessment with Rackspace security experts, the companies indicated. After a security assessment is completed, SMBs can deploy Rackspace Service Blocks, Alert Logic's MDR solution and other technologies to address security gaps.
What Are the Dangers Associated with an AWS Misconfiguration?
An AWS misconfiguration may lead to a data leak that causes revenue losses, brand reputation damage and compliance penalties. There are many reasons why an AWS misconfiguration occurs, such as:
- Inadequate password policies.
- Inconsistent use of encryption.
- Human error.
Capital One, GoDaddy and FedEx are among the globally recognized organizations that recently experienced AWS data leaks. Meanwhile, new programs and tools are becoming available to help organizations limit the risk of such issues.
AWS Unveils Access Analyzer
In addition to the Rackspace-Alert Logic AWS security review program, AWS last month introduced Access Analyzer for Simple Storage Service (S3).
Access Analyzer alerts an organization if it has an S3 bucket that is configured to allow access to anyone on the Internet or is shared with other AWS accounts, AWS said. In doing so, Access Analyzer helps an organization evaluate its S3 bucket access policies and quickly discover and remediate S3 bucket leaks.