Can AWS personnel access my EC2 instances and monitor my data?

In this article, we explore the concern of whether personnel who manage AWS datacenters can access and monitor data in use in EC2 instances. We discuss the likelihood of this scenario and provide steps that developers can take to protect their data despite this reality.

Answer

Yes, they can theoretically access or monitor the data.

No, this should not be a concern. Their incentives (organizationally and individually) to provide a stable, secure service are certainly greater than their incentives to steal your application’s data, which is one among the millions of virtual machines and applications whose infrastructure they manage.

As a developer, there is very little you can do to mitigate this, outside of not hosting with Amazon. Or any other cloud or managed service provider. Or colocation facility, for that matter.

Ultimately, any infrastructure that is out of your control is, well, out of your control. This should not keep you up at night though. It’s like spending your time worrying about being abducted by aliens. While the risk is theoretically possible, you would get more value for your time by focusing on just about any of the more mundane and realistic risks that your application will actually be in danger of falling prey to, like any of the OWASP Top 10.

Steps you can (and should) take:

So, are there steps that you as an application developer can take to protect your data despite these realities? Sure, there are several things you can do.

The most basic (and possibly obvious) is don’t collect or keep any data you don’t absolutely need, and purge the data you do keep as soon as you can. Less data means less to lose in an attack.

Second, protect the data your application uses. Start by protecting it in transit. Use HTTPS/TLS for communications between your application and the users. This is an effective and inexpensive way to protect it from anyone with access to the data center network who could sniff traffic on the wire. Protect it at rest as well. If you have user passwords, protect them with a slow hash algorithm like bcrypt. This way, even if the data is accessed, it can’t be easily abused. For other sensitive data you can look at encryption, and major cloud providers these days (including Amazon AWS and Microsoft Azure) offer cloud-based HSMs for protecting encryption keys. While still not foolproof, it at least guarantees that someone who gains access to your VMs or disk images won’t also capture your encryption keys.

To sum up, there are always steps that you can take that will make your application and data more secure, even when you don’t control the infrastructure. It still boils down to understanding your application and business needs, the realities of how and where it runs, and then threat modeling it correctly for its purpose and environment and mitigating appropriately. From there, following standard secure design, development, and operational practices will help to ensure that your application and data are as safe as they can be.
