The 5 Biggest Security Mistakes Users Make in Amazon’s Cloud


The following article was posted on GigaOm and is based on our analysis and the cloud security insights that Newvem's big data engine reveals. In it you will find five low-hanging fruit that you should recognize in order to keep your Amazon cloud account secure. If you are an Amazon cloud services user, we invite you to connect your AWS cloud account to our non-intrusive service in order to know your cloud and learn more, not only about your AWS security but also about the money you are wasting, points of failure (POFs) and poor performance yields.


[Newvem scans and identifies the status of your security group configurations, continuously monitors their status, and alerts you of vulnerabilities.  Use it for Free!]


An awful lot of people use Amazon’s cloud services for an awful lot of things. And many of those people have pretty awful implementation practices.  That’s what the folks at Newvem are watching like a hawk.

Based on Newvem’s study of Amazon users, here are the five biggest screwups they make in the Amazon cloud service.

1 - Leaving database server IP ports open to the universe. Usually there is no reason for database servers to be accessed directly from the Internet. Database access should go through web or application servers, which act as a buffer.

2 - Opening access to IP ports from all internal AWS servers. This is easy to do by mistake but it can be costly. It can happen if one security group was configured to allow access to the following IP range – 10.0.0.1/8.

3 - Leaving IP ports open to all IP addresses. The best practice is to keep open ports to a minimum and limit access from the outside world to only those services that really require Internet facing access like port 80 for HTTP and port 443 for HTTPS.

4 - Allowing access to critical IP ports from public Internet IP addresses. These ports are similar to the database ports mentioned above, but services like memcached may expose your cloud environments to risk if they’re accessible from non-trusted IP addresses. Critical IP ports should be locked down, limiting access to them from private networks only.

5 - Making Amazon Machine Images publicly accessible. AMIs often contain sensitive data so leaving them ajar is risky but it happens all the time. Rule of thumb: When building an AMI, make sure to set the policy to private. (Conversely, if you want to share AMIs, make sure sensitive data is redacted.)
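The first four mistakes are all security group rules, so they can be checked mechanically. The following Python is an added example, not Newvem's or Amazon's code: it audits one group whose dict shape follows the EC2 DescribeSecurityGroups `IpPermissions` output (the sample group and the port lists are constructed for illustration, and `strict=False` lets it accept the article's `10.0.0.1/8` by normalising it to `10.0.0.0/8`).

```python
import ipaddress

# Constructed sample group; the dict shape follows EC2 DescribeSecurityGroups "IpPermissions".
SAMPLE_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.1/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}

DB_PORTS = {1433, 1521, 3306, 5432, 27017}   # MSSQL, Oracle, MySQL, PostgreSQL, MongoDB (assumed list)
CRITICAL_PORTS = {11211, 6379, 2049}         # memcached (named in the article), Redis, NFS (assumed)
WEB_PORTS = {80, 443}                        # the only ports the article treats as legitimately Internet-facing
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def port_span(perm):
    """(low, high) port range of one rule; IpProtocol "-1" means every port."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]

def hits(low, high, ports):
    """Ports from `ports` that fall inside the rule's range."""
    return sorted(p for p in ports if low <= p <= high)

def audit_security_group(group):
    """Return (mistake_number, cidr, detail) tuples for mistakes 1-4 from the list above."""
    findings = []
    for perm in group["IpPermissions"]:
        low, high = port_span(perm)
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)  # 10.0.0.1/8 normalises to 10.0.0.0/8
            cidr = str(net)
            internal = any(net.subnet_of(r) for r in RFC1918)
            if net.prefixlen == 0:                          # 0.0.0.0/0: the whole Internet
                for p in hits(low, high, DB_PORTS):         # mistake 1: database port open to the universe
                    findings.append((1, cidr, p))
                if not (low == high and low in WEB_PORTS):  # mistake 3: non-web port open to everyone
                    findings.append((3, cidr, (low, high)))
            elif internal and net.prefixlen <= 8:           # mistake 2: every internal host, e.g. 10.0.0.0/8
                findings.append((2, cidr, (low, high)))
            if not internal:                                # mistake 4: critical port reachable from public space
                for p in hits(low, high, CRITICAL_PORTS):
                    findings.append((4, cidr, p))
    return findings

if __name__ == "__main__":
    for mistake, cidr, detail in audit_security_group(SAMPLE_GROUP):
        print(f"mistake {mistake}: {detail} open from {cidr}")
```

Mistake 5 lives on the image rather than the group: the same idea applies by checking the `Public` flag in DescribeImages output for every AMI the account owns.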

Cameron Peron, Newvem's VP of marketing and business development, said most of these mistakes are just that, mistakes. "The most shocking thing is that nearly all of these are caused from confusion when making changes and scaling up AWS," he said via email.

Of course, Newvem, the Israeli startup, wants customers to use its analytics service to find these flaws in Amazon cloud implementations and correct them. There are a growing number of tools from vendors like Cloudability, Cloudyn and others to help users get a better handle on what, exactly, is going on in their public cloud deployments.

Cross-posted on GigaOM by 

Download the complete analysis - 5 Most Common Causes of AWS Security Vulnerabilities 

Check out the list of The 10 Most Common Amazon’s AWS Usage Mistakes




About the Author

Cameron Peron, VP Marketing at Newvem

Cameron is a marketing expert who has been actively engaged in several internet ventures since arriving in Israel in 2005. Playing crucial roles in management, brand development and business model execution, he has assisted in the successful release and early stage phases for several ventures including AdsMarket Ltd. While in the United States Cameron held several positions in international consumer marketing and licensing. He graduated from the University of Arizona in 2001 with a B.A. in Marketing & Global Business.


Keywords: Amazon AWS Cloud services, security group, AMI, Amazon Machine Image, Cloud IP ports, Database Firewall Ports, AWS Security vulnerabilities, AWS Firewall

There are 4 comments.

Uchit Vyas —

Very nice article... it helps us a lot.


I Am OnDemand —

Great! I invite you to check more resources on http://www.newvem.com/topic/resources and meet our experts at http://www.newvem.com/experts-directory

