Confidence in the Cloud: Five Ways IT Security Can Strengthen Your Small or Medium Size Business

by Anna Green | on

New digital business models are providing small and medium-sized businesses (SMBs) unprecedented advantage to reach new customers and expand into newer markets. But there’s one thing that stands in its way—IT security. The right resources are often out of reach – only one in four SMBs say they have the personnel to address IT security.

Increasingly, businesses are recognizing that protecting digital assets requires constant monitoring from dedicated personnel. There is a clear need to automate security and compliance tasks to reduce risk from various factors—such as unauthorized traffic, malware, or forged identity—and free up resources to focus on customers and core business needs.

In this blog post, I will discuss why companies of all sizes—but especially SMBs—are turning to Amazon Web Services to safeguard their businesses.

A closer look at cloud-based security

Managing security in a traditional on-premises computing model is complex. At the very least, businesses must have resources and capacity to fully own and be responsible for:

  • Network security: Installing and configuring a firewall to block suspicious traffic
  • Data security: Encrypting data, performing daily backups of files and databases, and managing on-device data, operating systems, and applications
  • Identity and access management: Administering user access privileges to critical applications
  • Compliance: Following data compliance and privacy regulations based on industry and geography)
  • Security event monitoring and management: Collecting and analyzing information to detect unauthorized system changes on your network

When companies migrate to the cloud, Amazon Web Services takes on the management of the infrastructure. You will benefit from our datacenters and a network designed to protect infrastructure. At Amazon Web Services, we use a shared responsibility model , where we are responsible for security “of” the cloud and customers manage security of data stored “in” the cloud (such as files, media assets, and more).

Let’s look at some ways the cloud is helping SMBs shift their focus from managing infrastructure to scaling and innovating their businesses.

1. Enforcing network and application security

Network and application security help you maintain business data. Secured businesses often have a mature network and infrastructure security program that accounts for most of their IT security budget.

Network and application protection on Amazon Web Services enables you to enforce security policies at network control points across your organization. Amazon Web Services helps you inspect and filter traffic to prevent unauthorized resource access at the host-, network-, and application-level boundaries. Prior to its migration to Amazon Web Services, Arista Group —a leading automotive dealer in Indonesia—experienced a brute force event due to a lack of adequate security monitoring. To prevent such attacks in its Amazon Web Services Cloud environment, the business deployed a solution for intelligent threat detection of malicious IP addresses and domains . Network flows and connectivity logs in Arista’s Amazon Web Services Cloud environment are now constantly checked for abnormalities.

Man in home office

2. Creating the infrastructure for you to secure critical data

Cybersecurity in healthcare is a unique challenge as medical data is sensitive and requires extreme confidentiality.

In Indonesia, private hospital Lira Medika (part of Pundi Raya Niaga ) is one example of an SMB that addressed data protection and privacy issues with Amazon Web Services. They decided to move several terabytes of information, most of which were large x-ray files and other medical images, from their servers to the cloud. Lira Medika first assessed which cloud services and best practices would address compliance with data privacy guidelines.

Lira Medika now uses  Amazon Web Services WAF – Web Application Firewall  to protect against common web exploits and  Amazon Web Services CloudTrail to track user access logs. In one incident, the business used Amazon Web Services CloudTrail to uncover a security gap that had caused nearly two hours of downtime. CloudTrail helped monitor and record account activity across Amazon Web Services infrastructure.

Moch Firmansyah, head of information technology at Pundi Raya Niaga says, “Amazon Web Services provides excellent native security tools, and our partner, PT Central Data Technology, advised us on how to properly implement encryption and access roles on the Amazon Web Services Cloud .”

The expertise of a partner can be especially relevant for companies like Lira Medika that must comply with the Health Insurance Portability and Accountability Act (HIPAA) or other compliance frameworks such as SOC 2, ISO 27001, and HITRUST. Because Amazon Web Services has an extensive partner ecosystem , SMBs can find providers that meet their budget and technological requirements.

New to digitization or looking to add more cloud capabilities to your SMB? Explore solutions by industry, benefit, use case, and more on Amazon Web Services Smart Business

3. Establishing the right access for the right users

In the cloud, it can be easier to manage user identity, access policies, and entitlements. Every action taken in Amazon Web Services is an application programming interface (API) call—a process which allows one application to request data or services from another application. What does it look like in action? If you have ever logged into one website with your credentials from another—such as social media or email—you’ve used an API. Each API call is protected by in-built identity and access management tools, meaning every action is subject to authentication and authorization. This reduces the governance burden on your limited resources.

Orix Auto Infrastructure Services (OAIS) is a transport solution company in India that has improved its security baseline with segregated accounts on Amazon Web Services for its four business units. The business deployed five Amazon Virtual Private Clouds (VPCs) for its production, testing, shared services, security, and log environments. It has separate teams working on production and non-production VPCs in each environment with well-defined access controls. Having multiple Amazon Web Services accounts and individual VPCs makes it possible to provide teams with controls and still keep production environments secure. A limited number of people now have access to OAIS’s production environment whereas, previously, the company had one network with open access for all support teams.

Segregation of accounts and rigorous access controls on Amazon Web Services has also made it easy to outsource log review to a third party. Logs are transferred from OAIS’s production servers to a separate server, where they are monitored 24/7 by an external partner. Harvinder Gandhi, group CIO at OAIS says, “We have peace of mind knowing that none of our partners have access to our critical servers. Our production environment is highly secure on Amazon Web Services.”

4. Allowing you to address compliance standards and regulations

Godrej Housing Finance has seen the home loan market in India grow by 32 percent from 2017 to 2021. As a custodian of sensitive customer data, it was important for the company to have a comprehensive view of their compliance status and continuously monitor their environment using automated compliance checks.

To keep data privacy and security at the forefront of operations, the business now uses a combination of Amazon Web Services Cloud services including Amazon GuardDuty  for intelligent threat protection,  Amazon Web Services Trusted Advisor  for automated security checks, and  Amazon Web Services CloudTrail  to monitor user activity in its backend. Importantly, this helps Godrej Housing Finance protect sensitive data such as customers’ Aadhaar, or unique personal identity number based on the world’s largest biometric ID system. Each customer’s Aadhaar number is securely encrypted in a data vault created on Amazon Web Services.

If the business had opted for a third-party commercial solution to meet regulatory architecture requirements such as the creation of an Aadhaar vault, the estimated cost of the technology stack would have been six to seven times higher than what Godrej Housing Finance spends today with Amazon Web Services native security services.

Jyothirlatha B, chief technology officer at Godrej Housing Finance says, “As a technology-oriented business, we’re aware of ever-present security threats. Our infrastructure setup with built-in guardrails on the Amazon Web Services Cloud helps ensure that the required governance mechanisms are in place. At the same time, this setup gives our teams the autonomy to innovate.”

5. Automating and continuous monitoring

Because Amazon Web Services security solutions are deeply integrated, customers’ IT teams or tech vendors can configure high-level automation. Businesses can reduce human configuration errors and give teams more time to focus on critical work.

ZS Associates is a consulting firm, building unique cloud architectures for clients in pharmaceutical and technology, leveraging automation and monitoring on the Amazon Web Services Cloud. ZS Associates estimates the company is saving about 1,000 hours of labor every month that would have been spent manually checking adherence to security best practices. It’s also able to onboard new clients three times faster using stackable security and other services from Amazon Web Services.

“Using Amazon Web Services gives us centralized visibility,” says Rujuswami Gandhi, director of cloud services for ZS Associates. “It’s always on and always live. It’s changing our whole mindset.”

Next steps

To learn more about cloud-based security solutions, you can also download our eBook, Secure Your Business with the Cloud .

If you’re ready to join the thousands of SMBs that have moved to the Amazon Web Services Cloud to simplify data security while lowering costs, contact Amazon Web Services SMB experts . Additionally, if you’re struggling with downtime or resilience , or have compliance concerns, contact our team to request a complimentary security assessment.