One of the biggest questions we get from Clients is “Is Amazon EC2 secure” . That is like saying is my Vanilla network secure. Like anything you can take some steps to make the environment as secure as you can, such as:
– Ensure the system key is encrypted at start-up
– Ensure you plan for load balancing in case an instance goes down. Ensure you understand all the security implications of this and harden any other instances.
– Test or emulate the performance of applications deployed to the cloud in all geographies where you plan to deploy them. The latency could vary greatly for each.
– Never ever allow password base authentication for shell access.
– Encrypt all network traffic always.
– Always encrypt everything stored on S3
– Encrypt file systems for Block devices
– Open only the minimum required ports
– Include no authentication information in any AMI images
– Don’t allows any decryption keys into the cloud – understand the perils of keys and security
– Install host based intrusion detection system such as OSSEC
– Regularly backup Amazon instances and store them securely.
– Use Security Groups. With EC2 security groups, you can completely isolate every tier, even internally to the EC2 cloud.
– Design in a way you can issue security patches to AMI instances
The nightmare scenario that you cannot cater for is is that Xen has unforeseen security issues which would allow inter-VM communication and which in essence would enable instance spying. Amazons doomsday scenario…..