When running mission critical applications on AWS, like your commerce platform, it goes without saying that security should be a top concern. While AWS provides key aspects of security, there is a shared responsibility given that AWS security capabilities stop at the infrastructure level. As a retailer running a commerce platform, there is much more that you need to do in order to protect your web store. It is also important to leverage knowledgeable partners that understand these challenges, like system integrators and managed service providers. To help get you started, here are 7 technologies that you should consider implementing ahead of the busy holiday season to help make your web store much more secure. If you haven’t already discussed these with your partners, you should consider having these conversations with them as soon as possible.
Encrypted/Restricted Admin Access: One of the first things that you should consider doing is restricting access to the servers that power your web store. Limiting access to administrative login points by source IP, and encrypting the administrative traffic is a solid strategy for securing your site’s “back door”.
Two Factor Authentication: Weak or lost passwords are another common source of security breaches. Two Factor Authentication requires a second method of logging into your system besides a password, typically in the form of an encrypted key. Leverage two factor authentication on administrative interfaces to decrease the likelihood that a compromised password can be used for unauthorized administrative access.
Intrusion Detection/Prevention: These types of services monitor traffic to your web store and identify suspicious patterns in your traffic that represent attempts by hackers to compromise your systems. Intrusion Detection Services (IDS) notify your team of the attack so that they can take evaluate and neutralize the attack. Intrusion Prevention Services (IPS) automatically attempt to neutralize the attack and notify your team of the attempted breach. An effective IPS solution will also provide protection from zero-day attacks and new exploits extremely fast, neutralizing attacks well in advance of software patches being available from third parties.
Anti-Malware: Scanning for malware attacks and preventing them from compromising your security is a critical component of any security plan. Each virtual machine on AWS should run malware inspection/detection software that is regularly updated to prevent zero-day attacks and known attack vectors.
Log Monitoring: Servers generate a lot of data about changes that occur to them and their ongoing state. This type of data is called “log data”. Most data security regulations and compliance standards require that relevant log data is collected, managed, and safely stored so that companies can identify when and how a security breach occurred. Log Monitoring services monitor this log data in real time and automatically alert you to suspicious activity that occurs on your AWS virtual machines. This enables you to immediately respond to security incidents across all of your AWS infrastructure. They also archive log data to allow for future forensic discovery and compliance reporting.
File Integrity Monitoring: A common attack vector used by hackers involves altering or replacing critical system files like application executables, configuration files and log data files. File Integrity Monitoring solutions monitor these critical system files and alert you when changes occur. If you are storing credit card data on AWS, this type of monitoring is a requirement for PCI compliance. Using a host-based File Integrity Monitoring solution, properly configured and managed, will ensure that you meet this security objective.
Host Based Firewall: A host based firewall is software that runs on each of your AWS servers that limits the ways that a hacker can access your systems. It blocks attacks and limits communication to only the ports and protocols that you specify. It also captures a log of all network activity and provides an audit trail for compliance reporting at the instance level, which is an important requirement for PCI compliance.
This list of 7 important security technologies that you should implement before the holiday shopping season is not exhaustive, but it is a great start. When managed well, these technologies deliver a significantly more secure environment for your commerce platform to run in. In a future blog post, we’ll discuss the importance encryption can play in further securing your web store.