Simplify cloud security with Red Hat Enterprise Linux and AWS

Cloud security with Red Hat Enterprise Linux and AWS

As cloud adoption grows, security continues to be a leading concern for organizations of all sizes. In fact, 85% of organizations cite security as a top cloud challenge.[1] This concern is well founded: 45% of breaches in 2022 occurred in the cloud.[2]

Consistency is at the core of security and compliance best practices in any environment. To protect your business, you need the same level of security policy and access controls in the cloud that you have on site in your datacenter. Standardizing on an operating foundation that provides consistent security controls across datacenter and cloud environments can help you improve security and compliance across your organization. Using Red Hat® Enterprise Linux® as your operating foundation across your datacenter and Amazon Web Services (AWS) cloud environments helps you create the consistency needed to maintain security and compliance.

Adopt a consistent foundation for security and compliance across AWS and your other environments

The combination of Red Hat Enterprise Linux and AWS delivers integrated, automated security capabilities throughout your infrastructure and software stack, making it simpler to maintain security and compliance across your environments. Security is a key part of both the Red Hat Enterprise Linux and the AWS architectures and life cycles. Built-in operating system security features, security profiles, and compliance with industry and government regulations protect your systems no matter where you deploy them. Best practice-based default settings configure your systems for increased security from the start. Minimized package sets for prebuilt cloud images reduce your attack surface. Security upgrades and live patches are also provided as part of your Red Hat Enterprise Linux subscription.

Red Hat and AWS validate all Red Hat Enterprise Linux security profiles to ensure they run as expected on AWS infrastructure. AWS also includes advanced security features and a large number of compliance certifications and accreditations. AWS policies, architecture, and operational processes are built to the stringent requirements of security-sensitive organizations, and protect your information, identities, applications, and devices. Red Hat and AWS also provide security advisories for current issues and can work with you to resolve security problems when needed. 

With Red Hat Enterprise Linux and AWS, you can mitigate security risks, implement and maintain layered security, and streamline compliance across hybrid cloud environments. This overview describes key features and capabilities for adopting a consistent security approach across your datacenter and AWS environments.

Operate consistently across datacenter and cloud environments

Red Hat Enterprise Linux includes many optimizations to ensure reliable, security-focused performance on AWS. It provides a consistent operating foundation for hybrid cloud environments, so you can run applications where it makes the most sense.

Detect and remediate vulnerabilities at scale with Red Hat Insights

The average time to identify and contain a data breach in 2022 was 277 days.[2] Finding and stopping a breach in 200 days or less can reduce its resulting cost by an average of 24%.[2] Consistent, daily monitoring can help you identify vulnerability and compliance risks before they interrupt business operations or result in a breach.

Included with Red Hat Enterprise Linux, Red Hat Insights is a suite of hosted services on the Red Hat Hybrid Cloud Console that continuously analyze platforms and applications to help you better manage and optimize your hybrid cloud environments. Red Hat Insights uses predictive analytics and deep domain expertise to identify, assess, and recommend remediation for security and compliance risks, along with other operational risks. It also helps you prioritize remediation actions based on the severity, type of risk, and impact of the change. Red Hat Insights works across on-site and cloud environments, allowing you to manage all of your Red Hat Enterprise Linux systems from a single interface. You can even link your Red Hat account to your AWS account to automatically connect your cloud-based systems and workloads to Red Hat Insights and other Red Hat services when you provision them.

Red Hat Insights includes services that help you protect hybrid cloud environments. The vulnerability service lets you scan your systems for Common Vulnerabilities and Exposures (CVEs), collect scan information, and access remediation guidance that is validated with AWS, using a single interface. And the malware service helps you identify on-site and cloud-based systems that contain active malware signatures quickly to prevent long-term exposure.

AWS also offers innovative security services and solutions that help you prevent, detect, respond, and remediate issues to improve your organization’s security posture.

Ensure compliance with standards certification and built-in scanning and remediation for AWS and Red Hat Enterprise Linux

Noncompliance can result in fines, damage to your business, and loss of certification in addition to security breaches. The average cost of a data breach for organizations with high levels of compliance failures was US$5.57 million in 2022.[2] High levels of compliance failures increased the cost of a data breach by US$258,293 on average in 2022.

Both Red Hat Enterprise Linux and AWS are certified to stringent government and industry standards, allowing you to use them confidently in highly regulated environments. For example, AWS regularly achieves 3rd-party validation for thousands of global compliance requirements, including Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), FedRAMP, General Data Protection Regulation (GDPR), and Federal Information Processing Standard Publication (FIPS) 140-2.

Additionally, Red Hat Insights includes services that help you more easily maintain compliance in hybrid cloud environments. The policies service lets you define custom security policies, monitor systems for compliance, and alert teams when a system is out of compliance. And the compliance service lets you audit compliance with OpenSCAP policies, remediate systems that are out of compliance, and generate reports for regulatory compliance and security audits. You can also tailor the default policies to your environment and operations to generate more accurate results.

Key built-in policy baselines include:

  • PCI-DSS.
  • Enhanced Operating System Protection Profile (Common Criteria).
  • Australian Cyber Security Centre (ACSC) Essential Eight.
  • Center for Internet Security (CIS) Benchmark.
  • HIPAA.
  • Defense Information Systems Agency Secure Technical Implementation Guidelines (DISA STIG).

Deploy consistent, hardened images across AWS and other environments with the Red Hat image builder 

72% of organizations have a hybrid cloud strategy in place today.[1] While this approach lets you choose the right infrastructure for each workload, it also creates complexity and increases your risk of inconsistencies that can lead to security and compliance issues.

The Red Hat Enterprise Linux image builder service helps you create, manage, and deploy Red Hat Enterprise Linux operating system images across hybrid cloud environments more quickly and easily. You can build customized, security-hardened images, save them as templates, and push them to your AWS inventory to simplify provisioning. As a result, you can be sure that your systems are configured consistently across your datacenter and AWS environments.

Verify system integrity across environments with remote attestation

Ensuring system integrity is essential in large-scale, highly distributed environments. Untrusted and compromised systems can leave your organization vulnerable to attack by malicious actors.

Red Hat Enterprise Linux includes remote attestation capabilities for verifying the state of systems at boot and continuously monitoring the integrity of remote systems. Based on the Keylime open source project, remote attestation uses embedded Trusted Platform Module (TPM) hardware and the Linux kernel Integrity Measurement Architecture (IMA) to monitor systems at scale. You can also send encrypted files to the monitored systems and specify automated actions that are performed whenever a monitored system fails the integrity test.

Protect your data in the cloud with advanced encryption capabilities

Your data is a key asset for your business, and protecting it in the cloud is critical.

Red Hat Enterprise Linux includes support for network-bound disk encryption (NBDE) to simplify the protection of data at rest. NBDE automatically unlocks storage volumes via connections to one or more network servers or TPMs. This allows you to decrypt volumes without manually managing encryption keys and ensures that volumes are only available when they are secured.

AWS provides detailed data management capabilities, allowing you to encrypt, move, and administer your data according to your organization’s requirements in addition to regional and local data privacy laws. All data flowing across the AWS global network between AWS datacenters and regions is automatically encrypted at the physical layer. AWS also provides additional layers of encryption for all virtual private cloud (VPC) cross-region peering traffic, transport-layer security (TLS) connections, and more.

Zero trust architectures with built-in identity and access management

Traditional perimeter-based security approaches cannot effectively protect new, widely distributed, cloud-based environments. Zero trust architectures can help by applying security to each asset, rather than exclusively at a network perimeter. In fact, implementing zero trust reduces the cost of data breaches by 20.5% on average.[2] Identity and access management (IAM) is at the core of zero trust architectures.

Red Hat Enterprise Linux and AWS offer identity management tools and services to help you centralize identity management, enforce security controls, and comply with security standards across your entire environment. These tools and services deliver the capabilities needed to implement zero trust best practices while simplifying your identity management infrastructure. Authenticate users and implement policy-based or role-based access controls (RBAC). These tools and services integrate with Microsoft Active Directory, lightweight directory access protocol (LDAP), and other 3rd-party solutions through standard interfaces. They also support certificate-based authentication and authorization techniques.

Speed security and compliance operations

Red Hat Insights helps you accelerate security and compliance operations:

  • 91% less time to detect security vulnerabilities [3]
  • 69% less time to detect policy violations [3]

Streamline security configuration and management with system roles

As the size and complexity of your infrastructure grows, it becomes harder to manage manually. Cloud misconfigurations were the initial attack vector for 15% of data breaches, resulting in an average cost per breach of US$4.14 million in 2022.[2] Automation can help you configure and manage your systems faster, more consistently, and with less effort.

Red Hat Enterprise Linux system roles—powered by Red Hat Ansible® Automation Platform—use automation to help you install and manage security settings at scale in less time. System roles work with multiple Red Hat Enterprise Linux releases across datacenter and AWS cloud infrastructure, so you can configure new security settings and maintain them on all your systems with a single command or workflow. AWS also lets you automate manual security tasks to speed response times and reduce risk due to human errors. 

Learn more

A consistent approach to security and compliance across hybrid cloud environments can help you better protect your organization. Running Red Hat Enterprise Linux via AWS gives you a security-focused foundation for running applications in your datacenter and in the cloud.

  1. Flexera. “Flexera 2022 State of the Cloud Report,” March 2022.

  2. IBM Security. “Cost of a Data Breach Report 2022,” 2022.

  3. Principled Technologies, sponsored by Red Hat. “Save administrator time and effort by activating Red Hat Insights to automate monitoring,” September 2020.
