AWS Smart Business Blog
Confidence in the Cloud: Five Ways IT Security Can Strengthen Your Small or Medium Size Business
New digital business models are giving small and medium-sized businesses (SMBs) an unprecedented opportunity to reach new customers and expand into new markets. But one thing stands in their way: IT security. The right resources are often out of reach: only one in four SMBs say they have the personnel to address IT security.
Increasingly, businesses are recognizing that protecting digital assets requires constant monitoring from dedicated personnel. There is a clear need to automate security and compliance tasks to reduce risk from various factors—such as unauthorized traffic, malware, or forged identity—and free up resources to focus on customers and core business needs.
In this blog post, I will discuss why companies of all sizes—but especially SMBs—are turning to Amazon Web Services to safeguard their businesses.
A closer look at cloud-based security
Managing security in a traditional on-premises computing model is complex. At the very least, businesses must have resources and capacity to fully own and be responsible for:
- Network security: Installing and configuring a firewall to block suspicious traffic
- Data security: Encrypting data, performing daily backups of files and databases, and managing on-device data, operating systems, and applications
- Identity and access management: Administering user access privileges to critical applications
- Compliance: Following data compliance and privacy regulations based on industry and geography
- Security event monitoring and management: Collecting and analyzing information to detect unauthorized system changes on your network
When companies migrate to the cloud, AWS takes on the management of the infrastructure. You will benefit from our datacenters and a network designed to protect infrastructure. At Amazon Web Services, we use a shared responsibility model, where we are responsible for security “of” the cloud and customers manage security of data stored “in” the cloud (such as files, media assets, and more).
Let’s look at some ways the cloud is helping SMBs shift their focus from managing infrastructure to scaling and innovating their businesses.
1. Enforcing network and application security
Network and application security help you maintain business data. Secured businesses often have a mature network and infrastructure security program that accounts for most of their IT security budget.
Network and application protection on AWS enables you to enforce security policies at network control points across your organization. AWS helps you inspect and filter traffic to prevent unauthorized resource access at the host-, network-, and application-level boundaries. Prior to its migration to AWS, Arista Group—a leading automotive dealer in Indonesia—experienced a brute force event due to a lack of adequate security monitoring. To prevent such attacks in its AWS Cloud environment, the business deployed a solution for intelligent threat detection of malicious IP addresses and domains. Network flows and connectivity logs in Arista’s AWS Cloud environment are now constantly checked for abnormalities.
2. Creating the infrastructure for you to secure critical data
Cybersecurity in healthcare is a unique challenge as medical data is sensitive and requires extreme confidentiality.
In Indonesia, private hospital Lira Medika (part of Pundi Raya Niaga) is one example of an SMB that addressed data protection and privacy issues with AWS. They decided to move several terabytes of information, most of which were large x-ray files and other medical images, from their servers to the cloud. Lira Medika first assessed which cloud services and best practices would address compliance with data privacy guidelines.
Lira Medika now uses AWS WAF – Web Application Firewall to protect against common web exploits and AWS CloudTrail to track user access logs. In one incident, the business used AWS CloudTrail to uncover a security gap that had caused nearly two hours of downtime. CloudTrail helped monitor and record account activity across AWS infrastructure.
Moch Firmansyah, head of information technology at Pundi Raya Niaga, says, “AWS provides excellent native security tools, and our partner, PT Central Data Technology, advised us on how to properly implement encryption and access roles on the AWS Cloud.”
The expertise of a partner can be especially relevant for companies like Lira Medika that must comply with the Health Insurance Portability and Accountability Act (HIPAA) or other compliance frameworks such as SOC 2, ISO 27001, and HITRUST. Because AWS has an extensive partner ecosystem, SMBs can find providers that meet their budget and technological requirements.
3. Establishing the right access for the right users
In the cloud, it can be easier to manage user identity, access policies, and entitlements. Every action taken in AWS is an application programming interface (API) call—a process which allows one application to request data or services from another application. What does it look like in action? If you have ever logged into one website with your credentials from another—such as social media or email—you’ve used an API. Each API call is protected by in-built identity and access management tools, meaning every action is subject to authentication and authorization. This reduces the governance burden on your limited resources.
Orix Auto Infrastructure Services (OAIS) is a transport solution company in India that has improved its security baseline with segregated accounts on AWS for its four business units. The business deployed five Amazon Virtual Private Clouds (VPCs) for its production, testing, shared services, security, and log environments. It has separate teams working on production and non-production VPCs in each environment with well-defined access controls. Having multiple AWS accounts and individual VPCs makes it possible to provide teams with controls and still keep production environments secure. A limited number of people now have access to OAIS’s production environment whereas, previously, the company had one network with open access for all support teams.
Segregation of accounts and rigorous access controls on AWS have also made it easy to outsource log review to a third party. Logs are transferred from OAIS’s production servers to a separate server, where they are monitored 24/7 by an external partner. Harvinder Gandhi, group CIO at OAIS, says, “We have peace of mind knowing that none of our partners have access to our critical servers. Our production environment is highly secure on AWS.”
4. Allowing you to address compliance standards and regulations
Godrej Housing Finance has seen the home loan market in India grow by 32 percent from 2017 to 2021. As a custodian of sensitive customer data, it was important for the company to have a comprehensive view of their compliance status and continuously monitor their environment using automated compliance checks.
To keep data privacy and security at the forefront of operations, the business now uses a combination of AWS Cloud services including Amazon GuardDuty for intelligent threat protection, AWS Trusted Advisor for automated security checks, and AWS CloudTrail to monitor user activity in its backend. Importantly, this helps Godrej Housing Finance protect sensitive data such as customers’ Aadhaar, or unique personal identity number based on the world’s largest biometric ID system. Each customer’s Aadhaar number is securely encrypted in a data vault created on AWS.
If the business had opted for a third-party commercial solution to meet regulatory architecture requirements such as the creation of an Aadhaar vault, the estimated cost of the technology stack would have been six to seven times higher than what Godrej Housing Finance spends today with AWS native security services.
Jyothirlatha B, chief technology officer at Godrej Housing Finance, says, “As a technology-oriented business, we’re aware of ever-present security threats. Our infrastructure setup with built-in guardrails on the AWS Cloud helps ensure that the required governance mechanisms are in place. At the same time, this setup gives our teams the autonomy to innovate.”
5. Automation and continuous monitoring
Because AWS security solutions are deeply integrated, customers’ IT teams or tech vendors can configure high-level automation. Businesses can reduce human configuration errors and give teams more time to focus on critical work.
ZS Associates is a consulting firm that builds unique cloud architectures for clients in the pharmaceutical and technology sectors, leveraging automation and monitoring on the AWS Cloud. ZS Associates estimates the company is saving about 1,000 hours of labor every month that would have been spent manually checking adherence to security best practices. It’s also able to onboard new clients three times faster using stackable security and other services from AWS.
“Using AWS gives us centralized visibility,” says Rujuswami Gandhi, director of cloud services for ZS Associates. “It’s always on and always live. It’s changing our whole mindset.”
Next steps
To learn more about cloud-based security solutions, you can also download our eBook, Secure Your Business with the Cloud.
If you’re ready to join the thousands of SMBs that have moved to the AWS Cloud to simplify data security while lowering costs, contact AWS SMB experts. Additionally, if you’re struggling with downtime or resilience, or have compliance concerns, contact our team to request a complimentary security assessment.