AWS Smart Business Blog

Five Considerations for Small and Medium Businesses Building Secure Cloud Solutions

Security is often top of mind for small and medium-sized business (SMB) leaders as they plan to invest more in cloud computing. They want to be able to identify security events, protect systems and services, and maintain the confidentiality and integrity of data. SMBs are often challenged by limited knowledge of, or information on, what it costs to support secure cloud solutions. Security tools and techniques can play an important role in securing SMBs’ data because they support objectives such as preventing financial, reputational, or legal loss and complying with regulatory obligations. However, it can be challenging for SMBs early in their cloud journey to know how to prioritize and develop a strong security strategy.

According to a Ponemon Institute study, 60 percent of IT and security leaders are not confident in their ability to secure access to cloud environments. In fact, another study reported that 84 percent of companies surveyed said their security maturity levels were low and essentially reactive. This low level of preparedness and maturity is a business risk for SMBs. With Amazon Web Services (AWS) cloud security tools, SMBs can adopt the cloud securely, proactively mitigate risks, and gain end-to-end visibility.

In this blog post, we cover five focus areas for prioritizing security needs while building your secure cloud environment. These focus areas help answer common questions from SMB leaders, including:

  • How do we build a cloud environment and stay secure?
  • How do we learn about security issues ahead of time?
  • How do we protect our data from incidents with low-cost investments?

1. Build a security-first culture within your business

It’s not always possible for SMBs to have a security leader in charge of all their operations and strategies. One way to make sure security stays top of mind in the business is to create a security-first culture in all areas. At AWS, security is a top priority and we make it everyone’s job. Similarly, SMBs can embed security as core and foundational in how they design solutions, and balance security with risk management, productivity, and product innovation using a secure cloud environment.

Forming stronger, more intentional partnerships with cross-functional leaders can open the door for collaboration and help build security into everything. Create the organizational alignment with various stakeholders and get them onboarded to focus on creating a stronger security posture.

2. Dive deep on security controls at AWS

Business leaders must have a clear picture of their business’s security posture. It’s helpful to design the cloud security strategy for your business with practical and clear milestones. Plan for regular audits to help ensure your business is protected at all times. Educating the teams responsible for implementing these measures is also critical. As a best practice, conducting regular audits every 6-12 months can reveal potential gaps that organizations need to act on. Learn about the different AWS security services available today that provide automated audits and generate reports as needed. There is also third-party software offered through the AWS Partner Network that can help manage pricing in a cost-effective manner. Practically, this means rolling up your security audit costs in one bill along with your monthly AWS charges.

3. Maintain healthy and up-to-date systems

Security is important both for cloud workloads and for the devices or systems that connect to the cloud. Unpatched or non-compliant systems and devices can open up your SMB to unnecessary risk, which is one reason why security monitoring is so important. Vulnerabilities can come from buggy software, outdated operating systems, or compromised networks. Using the right monitoring tools can help you maintain healthy systems. We recognize that, for an SMB, these systems are critical to the business and any issues can impact revenue or productivity.

We offer services that can support businesses on AWS Cloud or legacy on-premises servers. They can help you better manage healthy systems and you pay only when you use those services. The use of automated operations can also scale up your management and governance processes. In addition, AWS provides vulnerability reporting for SMBs to address any aspect of its cloud services.

4. Understand the AWS Shared Responsibility Model

At AWS, we have a Shared Responsibility Model in which we are responsible for security of the cloud and our customers are responsible for security of data stored in the cloud. Put another way, AWS is responsible for securing the cloud infrastructure, and customers are responsible for managing access controls, securing their data, and securing the networks.

AWS Shared Responsibility Model depicting how customers are responsible for their own data, while AWS is responsible for the infrastructure hosting it.

Figure 1: AWS Shared Responsibility Model

5. Build secure applications in addition to your infrastructure

At AWS, security infrastructure is built to satisfy the highest requirements of the world’s leading financial, educational, and governmental institutions, and of the high-sensitivity organizations that rely on it. If your applications residing on AWS infrastructure are not secure enough, it could lead to unforeseen incidents that you cannot recover from. We suggest using detection services when necessary to detect malicious activity on your account and data. However, simple methods can also be incorporated to enhance your application security. Here is one illustrative scenario:

  • Ensuring least access privilege: Simply, this means users should only have access to the specific apps needed for a task. For instance, only a few people in your SMB should have consistent access to software with employee wages.
  • Controlling access with policies: This means formalizing what specific roles, such as human resources and payroll, should have access to view wages.
  • Securing your AWS identities: With AWS, enable a second form of verification called multi-factor authentication (MFA) for the root user. We also recommend identity federation, which ultimately means a user’s identity can be linked across different business apps for a more seamless, secure experience. Alongside these steps, continuously analyze access permissions as part of the least-privilege journey.

According to a recent IDC report, AWS customers reported on average 43 percent fewer monthly security incidents and a 69 percent reduction in unplanned downtime. However, application-level risks, such as public access to your cloud environment and unsecured networks, can be prevented.

Next steps

Securing cloud environments and protecting data while keeping costs low is critical to SMBs. With a security-first architecture and awareness of security controls, organizations can prevent, detect, respond to, and remediate security incidents effectively.

Learn how to secure your business with specific SMB solutions. AWS can also support you in connecting with security partners relevant to your business. Ready to speak with an AWS expert? Contact us now to chat through your needs.

Lavanya Bandari

Lavanya Bandari is a Sr. Solutions Architect who supports SMB customers at AWS. She has over 16 years of experience steering the development, data analysis, machine learning (ML) implementation, and delivery of products and technologies for ReWise, PayPal, and eBay. She is based in California (US).

Deepti Venuturumilli

Deepti Venuturumilli is a Sr. Solutions Architect who supports SMB customers at AWS. Before joining AWS, she was a Principal Technical Lead for American Airlines. She holds a PhD in Computer Science from the University of Cincinnati and is based in Arizona (US).