ARCHIVE
ID Number: G00212799



This research is provided for historical perspective;
portions of this document may not reflect current conditions.






Protecting Sensitive Data in Amazon EC2 Deployments
14 June 2011
 
Dan Blum  

IT staff members tasked with deploying a sensitive or mission-critical application in the Amazon Elastic Compute Cloud (EC2) environment will face some familiar, and some new, security challenges. This document assesses the customer's ability to leverage a combination of EC2-based, enterprise-based, and third-party technical safeguards to protect a Web-based, sensitive or mission-critical application in Amazon's environment.






















Table of Contents

  • Summary of Findings
  • Analysis
    • Understanding the EC2 Service
    • Assessing the EC2 Service
    • Division of Responsibilities
    • Security Architecture and Governance
      • Security Control Architectures for EC2
    • Network Security and Zoning
      • DoS Attacks
    • Identity and Access Management
      • Manage Access by EC2 (and S3) Administrators
      • Manage Identity and Access in the Instance Environment
      • Manage Identity in EC2-Based E-Commerce Applications
    • Host Security
      • Updating or Patching Instances
      • Vulnerability Scans
      • Other Host Security Functions
      • Dedicated Instance vs. Multi-Tenant
    • Application and Web Security
      • WAFs in the EC2 Environment
      • Architecting Applications for Availability
    • Securing Data at Rest
      • Where Is My Data?
      • Data Confidentiality
      • Disaster Recovery
    • Security Monitoring and Incidence Response
    • Strengths
      • Improving Physical, Administrative, and Network Security
      • Compatibility with Host-Based Security Products
      • Customers Have Flexibility and Control over Own Deployment
      • Third-Party Support
    • Weaknesses
      • Lack of Transparency
      • Limitations on Security Functionality Amazon Will Provide
      • Lack of Integration with Enterprise Identity Management Systems
  • Recommendations
    • Optimize the Support Relationship
    • Follow Sound Architecture Practices
    • Know the Risks to the Data
Tables
  • Table 1. Division of Responsibilities Between Amazon and the EC2 Customer
Figures
  • Figure 1. Network Zoning Topology Example




© 2011 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 1724652