Use mechanisms to keep people away from data
To protect sensitive data and systems, it’s essential to limit direct human access under normal operational circumstances. By using automation tools and workflows, you can reduce the risk of human error, security breaches, or misconfigurations. Instead of allowing direct shell or database access, you can use automation tools like AWS Systems Manager, dashboards for business users, and break-glass mechanisms to minimize the need for human intervention.
- Use AWS Systems Manager for remote management: Manage EC2 instances and other resources using AWS Systems Manager Automation, which allows you to automate tasks without needing direct access or a bastion host. Systems Manager uses predefined automation documents (SSM Documents) to perform tasks such as patching, configuration changes, or system management. These documents can be version-controlled, peer-reviewed, and tested, minimizing the risks associated with manual access.
- Automate operational tasks: Implement automated workflows to perform routine operational tasks without manual intervention. AWS Systems Manager Run Command can execute scripts or commands on your EC2 instances without requiring SSH or RDP access. This keeps users away from the data and infrastructure while ensuring operational tasks are performed consistently and securely.
- Provide dashboards instead of direct data access: Instead of granting business users direct access to databases or data stores, create dashboards that provide the information they need in a controlled and secure manner. Tools like Amazon QuickSight or Amazon CloudWatch dashboards can provide insights and query results without exposing the underlying data or infrastructure to users. This reduces the risk of unauthorized data access or accidental changes.
- Implement break-glass access mechanisms: Where direct access is occasionally required for emergencies or troubleshooting (e.g., “break-glass” access), ensure that access is disabled by default and tightly controlled. Define processes for enabling break-glass access, such as requiring approval from multiple stakeholders or senior management, logging all access activities, and ensuring that access is temporary and automatically revoked after use. AWS IAM can manage temporary access using roles with time-limited permissions.
- Use CI/CD pipelines for infrastructure management: Automate infrastructure deployments and changes through CI/CD pipelines to keep users away from manually configuring resources. Use tools like AWS CloudFormation, AWS CodePipeline, and AWS CodeBuild to deploy infrastructure-as-code, ensuring that changes are automatically version-controlled, peer-reviewed, and tested. By managing infrastructure through pipelines, the need for direct access to systems is significantly reduced.
- Enable monitoring and auditing for all access attempts: Even when using automated tools and dashboards, monitor and log all access attempts. AWS CloudTrail can track API calls, providing an audit trail for any actions taken within your AWS environment. Use Amazon CloudWatch to set alerts for unusual activity or access attempts. This ensures visibility into all activities and provides accountability for access to sensitive data and resources.
- Disable shell and database access by default: Ensure that shell and database access to your resources is disabled by default. Where necessary, use AWS Systems Manager Session Manager instead of SSH or RDP to provide controlled, auditable access to your systems. Session Manager enables secure, browser-based access to instances without exposing them to the internet or requiring a bastion host.
- Control and limit data access with IAM roles and policies: Implement IAM roles and policies to tightly control who can access data and resources. Ensure that data access is governed by roles with the least privilege necessary for users to perform their tasks, reducing the likelihood of unauthorized access or data leakage.
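The break-glass and auditing points above (access disabled by default, enabled only for an approved window, MFA-protected, automatically lapsing, and every use logged) fit together in one small workflow. The following is an added example written for this page, not AWS's or the page's own code: it builds a time-boxed, MFA-only trust policy for a break-glass role and then reviews CloudTrail records for every assumption of that role. The account ID, role name, approved principal, approval window and the CloudTrail records are constructed sample values; the CloudTrail field names (eventSource, eventName, requestParameters.roleArn, userIdentity.sessionContext.attributes.mfaAuthenticated, errorCode) are the ones CloudTrail emits for sts:AssumeRole.

```python
"""Break-glass role: time-boxed, MFA-only trust policy plus a CloudTrail audit.

Added illustration, not AWS's or the page's own code. The account ID, role
name, approved principal, approval window and the CloudTrail records below
are constructed sample values.
"""
import json
from datetime import datetime, timezone

# Constructed values for the example; substitute real ones when applying it.
ACCOUNT_ID = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/BreakGlassOps"
APPROVED_PRINCIPAL = f"arn:aws:iam::{ACCOUNT_ID}:user/oncall-engineer"
# End of the emergency window the approvers agreed to (assumed value).
WINDOW_END = datetime(2024, 5, 1, 14, 0, tzinfo=timezone.utc)


def iso_utc(dt: datetime) -> str:
    """Format a datetime as the ISO 8601 UTC string IAM compares aws:CurrentTime to."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_event_time(ts: str) -> datetime:
    """Parse a CloudTrail eventTime (always UTC with a 'Z' suffix)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_break_glass_trust_policy(principal_arn: str, window_end: datetime) -> dict:
    """Trust policy: one approved principal may assume the role, only from an
    MFA-authenticated session and only before window_end. The aws:CurrentTime
    condition makes the grant lapse on its own, so revocation needs no manual
    step. aws:MultiFactorAuthPresent is absent for long-term access keys, and a
    Bool condition on an absent key evaluates false, so such calls are denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "TimeBoxedMfaOnlyAssumeRole",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {
                "Bool": {"aws:MultiFactorAuthPresent": "true"},
                "DateLessThan": {"aws:CurrentTime": iso_utc(window_end)},
            },
        }],
    }


def audit_break_glass_use(events, role_arn, approved_principal, window_end):
    """One finding per sts:AssumeRole call against the break-glass role.
    Every use is reported (break-glass use is always review-worthy); 'violations'
    names what deviated from the approved access, and 'granted' records IAM's
    actual decision, so a denied attempt after the window shows the control working."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") != "AssumeRole":
            continue
        if (ev.get("requestParameters") or {}).get("roleArn") != role_arn:
            continue
        identity = ev.get("userIdentity", {})
        attrs = identity.get("sessionContext", {}).get("attributes", {})
        violations = []
        if identity.get("arn") != approved_principal:
            violations.append("unapproved principal")
        if attrs.get("mfaAuthenticated") != "true":
            violations.append("no MFA")
        if parse_event_time(ev["eventTime"]) >= window_end:
            violations.append("outside approved window")
        findings.append({
            "time": ev["eventTime"],
            "caller": identity.get("arn", "<unknown>"),
            "source_ip": ev.get("sourceIPAddress", "<unknown>"),
            "granted": "errorCode" not in ev,
            "violations": violations,
        })
    return findings


def _event(time, caller, mfa, role_arn=ROLE_ARN, error=None,
           name="AssumeRole", source="sts.amazonaws.com"):
    """Build a constructed CloudTrail record with the fields the audit reads."""
    ev = {
        "eventTime": time, "eventSource": source, "eventName": name,
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "arn": caller},
        "requestParameters": {"roleArn": role_arn, "roleSessionName": "break-glass"},
    }
    if mfa:  # CloudTrail records MFA state on the session, not on the call
        ev["userIdentity"]["sessionContext"] = {"attributes": {"mfaAuthenticated": "true"}}
    if error:
        ev["errorCode"] = error
    return ev


# Constructed records: one legitimate use, three denied deviations, two unrelated events.
SAMPLE_EVENTS = [
    _event("2024-05-01T12:30:00Z", APPROVED_PRINCIPAL, mfa=True),
    _event("2024-05-01T12:45:00Z", APPROVED_PRINCIPAL, mfa=False, error="AccessDenied"),
    _event("2024-05-01T15:10:00Z", APPROVED_PRINCIPAL, mfa=True, error="AccessDenied"),
    _event("2024-05-01T12:50:00Z", f"arn:aws:iam::{ACCOUNT_ID}:user/someone-else",
           mfa=True, error="AccessDenied"),
    _event("2024-05-01T13:00:00Z", APPROVED_PRINCIPAL, mfa=True,
           role_arn=f"arn:aws:iam::{ACCOUNT_ID}:role/ReadOnly"),
    _event("2024-05-01T13:05:00Z", APPROVED_PRINCIPAL, mfa=True,
           name="StartSession", source="ssm.amazonaws.com"),
]

if __name__ == "__main__":
    print(json.dumps(build_break_glass_trust_policy(APPROVED_PRINCIPAL, WINDOW_END), indent=2))
    for f in audit_break_glass_use(SAMPLE_EVENTS, ROLE_ARN, APPROVED_PRINCIPAL, WINDOW_END):
        print(f)
```

In use, the generated document is attached to the role with `aws iam update-assume-role-policy`, the role's MaxSessionDuration caps how long any single break-glass session can live, and the records fed to the audit come from CloudTrail (for instance `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=AssumeRole`). The four findings the sample produces show the two halves of the control: the trust policy denies the no-MFA, wrong-caller and after-window attempts, and the audit still surfaces them so the team can see who tried, from where, and when.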
Supporting Questions:
- How do you minimize the need for direct access to sensitive data and systems in your environment?
- What automation tools and workflows do you use to perform operational tasks without human intervention?
- How do you handle emergency (break-glass) access in a controlled and secure manner?
Roles and Responsibilities:
Cloud Security Engineer:
- Responsibilities:
  - Implement and manage AWS Systems Manager automation workflows to replace direct access to systems and data.
  - Configure and manage break-glass access mechanisms, ensuring that emergency access is tightly controlled and monitored.
Cloud Administrator:
- Responsibilities:
  - Use dashboards to provide business users with necessary insights without granting them direct access to databases or data stores.
  - Ensure that shell and database access is disabled by default and use session management tools like AWS Systems Manager Session Manager for controlled access when necessary.
Artefacts:
- Automation Playbooks: Documents and automation scripts stored in version control, outlining steps for routine operational tasks, replacing manual access.
- Break-glass Access Policy: Documentation detailing the processes and controls for emergency access, including approval workflows, audit requirements, and automatic access revocation.
- Access Logs and Monitoring Reports: Logs from AWS CloudTrail and CloudWatch that provide visibility into all access attempts and actions performed in your environment.
Relevant AWS Services:
AWS Management and Automation Tools:
- AWS Systems Manager Automation: Automates routine management tasks using predefined SSM Documents, reducing the need for direct access to systems.
- AWS Systems Manager Session Manager: Provides secure, auditable access to EC2 instances without requiring SSH or RDP, keeping users away from the underlying infrastructure.
- AWS CloudFormation: Manages infrastructure as code, enabling automated deployment of resources through CI/CD pipelines, reducing the need for manual configuration.
- AWS CodePipeline: Automates infrastructure changes and deployments, ensuring that updates to systems are managed through code and peer-reviewed before execution.
Data Access and Monitoring Tools:
- Amazon QuickSight: Provides dashboards and data visualization, allowing business users to access insights without direct data access.
- AWS CloudTrail: Logs API calls and access attempts, providing a comprehensive audit trail for all activities related to sensitive data and systems.
- Amazon CloudWatch: Monitors and alerts on operational activities, helping detect any unauthorized or unusual access attempts in your environment.
Security and Access Management Tools:
- AWS Identity and Access Management (IAM): Manages roles and policies for users and services, ensuring that data access is tightly controlled based on the principle of least privilege.
- AWS IAM Temporary Roles: Grants temporary access for break-glass situations, ensuring that emergency access is tightly controlled and automatically revoked after use.