Skip to the content

Follow us @UKAuthority

MoJ creates security baseline for Amazon cloud

17/06/19

Mark Say Managing Editor

The Ministry of Justice (MoJ) has set up a security baseline for its use of Amazon Web Services (AWS).

Cloud shaped lock

It marks a step in building up the security arrangements in the use of cloud platforms, and is described as “minimum security posture’ for the ministry’s AWS accounts, which currently number around 120.

The initiative has been outlined in a blogpost, which says the baseline provides a gold standard but still gives digital teams latitude for doing things differently when needed.

“We wanted to set the baseline at a good level, while catering for diverse architectures and applications, without creating unreasonable high-effort tasks for teams but ensuring we avoid common bad practice missteps like leaky S3 buckets (leaving S3 servers accessible without authentication or unencrypted),” it says.

Mandatory configurations

The base principle is that MoJ accounts on AWS must utilise agreed configurations, such as enabling the company’s GuardDuty and CloudTrail applications, along with tagging of all AWS objects and enforcing the Identity and Access Management facility.

The blog says the team has gone for a blend of generally accepted good practices, things that are a mixture of security and operational for good account and resource management, and the ability to use AWS platforms.

It is now helping teams in the MoJ to implement the baseline and looking at whether it can make it easier to implement, or if it is possible to set the bar higher.

It also aiming to develop similar security baselines for other public cloud solutions such as Microsoft Azure and Heroku.

Image from iStock, ewg3D

Register: Library & Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.