We have heard of several cloud security cases like the ones below. If you can relate to any of them, a comprehensive security assessment is due.
"One of our recently fired DBAs had access to a few of our systems and he managed to truncate 5 years of our customer's production database on AWS. The DBA deleted the logs too. So we couldn't prove to anyone that this was an unauthorized execution."
Solution: IAM access policies should be managed centrally, so that a departing employee's access can be revoked in one place. In the worst case, VPC flow logs should have been enabled for tracking activities.
"We have a public internet-facing application and it often goes down due to DDoS attacks. We are facing huge productivity loss and bad customer reputation."
Solution: Enable a Web Application Firewall, which will handle the detection and blocking of DDoS attacks.
"We found that our non-production Jenkins servers are being used by unidentified people to run Bitcoin mining programs. Our cloud usage for the past 3 months has gone up by almost 50%."
Solution: Do you have ports open to the public internet? If yes, can we take another look at your architecture and close these ports to prevent further exploitation?
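One way to answer the open-ports question, as an added example that is not part of the original page: the script below scans security group data in the shape returned by `aws ec2 describe-security-groups` and reports ingress rules open to the whole internet. The sample groups, their IDs and the choice of 443 as the only intentionally public port are constructed assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111example", "GroupName": "jenkins-nonprod",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222example", "GroupName": "web-prod",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ccc3333example", "GroupName": "legacy-db",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}      # "anyone on the internet", IPv4 and IPv6
ALLOWED_PUBLIC_PORTS = {443}       # assumption: only HTTPS is meant to be public


def world_open_rules(groups, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (group id, name, protocol, from, to) for each rule that exposes
    a port outside `allowed` to the whole internet."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not WORLD.intersection(cidrs):
                continue           # rule is limited to specific networks
            proto = perm.get("IpProtocol")
            if proto == "-1":      # "-1" means all protocols and all ports
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if all(p in allowed for p in range(lo, hi + 1)):
                continue           # every exposed port is intentionally public
            findings.append((sg["GroupId"], sg["GroupName"], proto, lo, hi))
    return findings


if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE):
        print("open to internet:", finding)
```

On the constructed sample it reports the Jenkins group's port 8080 and the all-protocols IPv6 rule, while the HTTPS-only group and the internal-only SSH rule pass.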
Security of your cloud setup is a shared responsibility. AWS has laid this out in an easy-to-understand manner. The security of applications hosted on AWS, including IAM access, encryption, content, 3rd party APIs, etc., should be managed by the customer.
An application running on the cloud has several vulnerability points. The need to secure these points depends on the application's use, compliance requirements and the customer's budget.