Amazon Redshift is getting new security settings that apply by default, which should make the popular data warehouse noticeably harder to expose by accident. The aim is to stop misconfigurations and permissive defaults from turning into data breaches.
Data breaches involving Amazon Redshift have largely been traced back to bad configurations and poorly chosen default settings. AWS says it is addressing this by giving the service three new secure-by-default settings. The settings apply to newly created clusters and are intended to raise the baseline of data security and reduce the likelihood of what AWS calls "catastrophic" data breaches.
New default settings
First, new clusters are no longer publicly accessible by default. They are reachable only from within the customer's Virtual Private Cloud (VPC), so nothing on the internet can connect to the cluster endpoint unless the customer changes this.
When public access is genuinely needed, it must be turned on explicitly. Even then, AWS advises customers to keep the exposure narrow by restricting the reachable sources with security groups and network access control lists (ACLs).
The second change is encryption at rest for all new clusters by default. According to AWS, this should keep stored data unreadable if someone gains unauthorized access to the underlying storage or snapshots. It is worth noting what encryption at rest does not do: it offers no protection against a caller who holds valid database credentials, so access control still matters.
Customers can specify their own AWS Key Management Service (KMS) key for a cluster. If they do not, the cluster is still encrypted, using a KMS key that AWS manages.
Data sharing has a related requirement: both the "producer" and the "consumer" cluster must be encrypted. Customers who currently share data from unencrypted clusters should plan for this, because a consumer created after the change is encrypted by default and cannot consume a share from an unencrypted producer. Workflows that are not updated before the change goes live could stop working.
The third and final change is that all new and restored clusters require SSL/TLS connections by default; in Redshift terms, the require_ssl parameter in the default parameter group is set to true. This prevents plaintext connections, which closes the door on interception and man-in-the-middle attacks on the wire. Clients should still verify the server certificate (for example with a verify-full SSL mode in the driver), since require_ssl only forces the connection to be encrypted and does not make the client check who it is talking to.
Clusters that use a custom parameter group keep whatever that group specifies, so customers with custom parameter groups must set require_ssl to true there themselves.
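The three settings, together with the data-sharing constraint, are easy to check for programmatically. The following is an added example, not code from the article or from AWS: it audits cluster descriptions shaped like the boto3 `describe_clusters` and `describe_cluster_parameters` responses (trimmed to the relevant fields) and builds an explicit, hardened set of `create_cluster` arguments. The sample payloads, the helper names (`audit`, `datashare_allowed`, `hardened_create_kwargs`) and the placeholder account, key and group identifiers are all constructed for illustration; no AWS account is contacted.

```python
"""Audit Redshift provisioned clusters against the three new defaults:
not publicly accessible, encrypted at rest, and require_ssl enforced.

Everything below is an illustrative example. The payloads are constructed
samples shaped like boto3's describe_clusters / describe_cluster_parameters
output; the helper functions are this example's own, not an AWS API.
"""

# Constructed sample of describe_clusters()["Clusters"]; account id, key id
# and group names are placeholders.
SAMPLE_CLUSTERS = [
    {   # a pre-change cluster that relies on the old defaults
        "ClusterIdentifier": "analytics-legacy",
        "PubliclyAccessible": True,
        "Encrypted": False,
        "ClusterParameterGroups": [{"ParameterGroupName": "legacy-pg"}],
    },
    {   # a cluster created under the new defaults
        "ClusterIdentifier": "analytics-2025",
        "PubliclyAccessible": False,
        "Encrypted": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
        "ClusterParameterGroups": [{"ParameterGroupName": "default.redshift-1.0"}],
    },
]

# Constructed sample of describe_cluster_parameters()["Parameters"], per group.
SAMPLE_PARAMETERS = {
    "legacy-pg": [{"ParameterName": "require_ssl", "ParameterValue": "false"}],
    "default.redshift-1.0": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
}


def require_ssl_enabled(group_name, parameters):
    """True only if the group explicitly sets require_ssl=true.
    An absent parameter is treated as not enforced (the safe reading for an audit)."""
    for param in parameters.get(group_name, []):
        if param["ParameterName"] == "require_ssl":
            return param["ParameterValue"].strip().lower() == "true"
    return False


def audit_cluster(cluster, parameters):
    """Return the findings for one cluster; an empty list means compliant."""
    findings = []
    if cluster.get("PubliclyAccessible", False):
        findings.append("publicly accessible: disable it, or scope exposure with security groups and network ACLs")
    if not cluster.get("Encrypted", False):
        findings.append("not encrypted at rest: enable encryption (your own KMS key or the AWS-managed one)")
    groups = [g["ParameterGroupName"] for g in cluster.get("ClusterParameterGroups", [])]
    if not groups or not all(require_ssl_enabled(g, parameters) for g in groups):
        findings.append("require_ssl not enforced: set require_ssl=true in the cluster's parameter group")
    return findings


def audit(clusters, parameters):
    """Map each cluster identifier to its findings."""
    return {c["ClusterIdentifier"]: audit_cluster(c, parameters) for c in clusters}


def datashare_allowed(producer, consumer):
    """Data sharing requires both sides to be encrypted. A consumer created under
    the new defaults is encrypted, so a share from an unencrypted legacy producer
    will not work until the producer is encrypted too."""
    return bool(producer.get("Encrypted")) and bool(consumer.get("Encrypted"))


def hardened_create_kwargs(identifier, kms_key_id, subnet_group, security_group_ids, parameter_group):
    """Keyword arguments for boto3 redshift.create_cluster that state the three
    settings explicitly rather than relying on whatever the default is today.
    parameter_group is assumed to be a group in which require_ssl=true."""
    return {
        "ClusterIdentifier": identifier,
        "NodeType": "ra3.xlplus",
        "MasterUsername": "admin",
        "ManageMasterPassword": True,      # admin password generated and kept in Secrets Manager
        "PubliclyAccessible": False,       # VPC-only, matching the new default
        "Encrypted": True,
        "KmsKeyId": kms_key_id,            # a key you control; omit to use the AWS-managed key
        "ClusterSubnetGroupName": subnet_group,
        "VpcSecurityGroupIds": list(security_group_ids),
        "ClusterParameterGroupName": parameter_group,
    }


if __name__ == "__main__":
    for cluster_id, findings in audit(SAMPLE_CLUSTERS, SAMPLE_PARAMETERS).items():
        print(f"{cluster_id}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print(f"  - {finding}")
    print("legacy -> 2025 data share allowed:",
          datashare_allowed(SAMPLE_CLUSTERS[0], SAMPLE_CLUSTERS[1]))
```

Against the constructed sample, the legacy cluster produces all three findings and the 2025 cluster none, and the legacy-to-2025 data share is rejected because the producer is unencrypted. In a real account the same functions would be fed the output of `describe_clusters` and `describe_cluster_parameters` for every cluster and parameter group.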
Attention to all users
AWS explicitly states that these changes apply to newly created clusters, serverless workgroups, and clusters restored from snapshots. Existing clusters keep their current settings and are not changed automatically.
AWS does, however, urge customers to review existing configurations and bring them in line with the new defaults, in particular by disabling public access where it is not needed, enabling encryption, and setting require_ssl to true.