boulaygroup.com

Security Spotlight: Safeguarding the AWS Root Account

A System and Organization Controls (SOC) 2 examination attests that your organization is compliant with the criteria laid out by the Association of International Certified Professional Accountants (AICPA). The Common Criteria used in a SOC 2 examination cover a variety of system controls that ensure that your organization is operating with best practices to protect the customer data you process and prevent cyberattacks. One way to mitigate cybersecurity risks is to safeguard the Amazon Web Services (AWS) root account.

What is an AWS Root Account?

An AWS root user is the identity that has complete access to every AWS service and resource in the account. It is created automatically when the AWS account is created and is accessed by signing in with the email address and password used to create the account. Because the root user can control everything in the account, its use should be both limited and monitored.

AWS Root Account and SOC 2

As part of the SOC 2 process, an organization is required to implement logical security controls and monitor them for effectiveness. To protect the root account against attack, an organization can follow these best practices to reduce its exposure:

• Reduce use of the root account to the minimum. Instead, create administrative users in AWS IAM Identity Center for day-to-day tasks.
• Enable multi-factor authentication for everyone who retains access to the root account. This helps prevent unauthorized sign-ins.
• Do not create access keys for the root user, since they provide another way into the root account.
• Monitor who has access to the root account and when it is used; this is a key part of protecting it. CloudTrail records root account sign-in attempts so the organization can review them.
• Follow the principle of least privilege: give users the level of access needed to complete a task and nothing more.
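As an added illustration of the CloudTrail monitoring point (example code written for this page, not Boulay's or AWS's own), the Python below applies the same condition that AWS's recommended CloudWatch metric filter uses to detect root usage, runs it over a handful of constructed CloudTrail records, and flags root sign-ins made without MFA, failed root sign-ins, and API calls made with a root access key. The field names follow CloudTrail's JSON layout; the events, IP addresses and key id are constructed samples.

```python
# Constructed sample CloudTrail records (not real AWS data): root sign-in
# without MFA, failed root sign-in, IAM user sign-in, root API call via access key.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-15T08:02:11Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-15T08:05:40Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-15T09:00:00Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-15T09:30:00Z", "eventName": "CreateAccessKey",
     "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accessKeyId": "AKIAEXAMPLEKEY000001"}},
    {"eventTime": "2024-01-15T10:00:00Z", "eventName": "ListBuckets",
     "eventType": "AwsServiceEvent", "sourceIPAddress": "s3.amazonaws.com",
     "userIdentity": {"type": "Root", "invokedBy": "s3.amazonaws.com"}},
]

def is_root_activity(event):
    """Same condition as the AWS/CIS CloudWatch metric filter for root usage:
    identity type Root, not invoked by a service on root's behalf, and not an
    AWS service event (those are noise, not a person using the root user)."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root" and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")

def audit_root_usage(events):
    """Return one finding per root-user event with the reasons it needs review."""
    findings = []
    for ev in events:
        if not is_root_activity(ev):
            continue
        reasons = ["root user activity"]
        if ev.get("eventName") == "ConsoleLogin":
            if ev.get("responseElements", {}).get("ConsoleLogin") == "Failure":
                reasons.append("failed root sign-in")
            if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                reasons.append("sign-in without MFA")
        elif ev["userIdentity"].get("accessKeyId"):
            reasons.append("root access key in use")
        findings.append({"time": ev["eventTime"], "event": ev["eventName"],
                         "source_ip": ev["sourceIPAddress"], "reasons": reasons})
    return findings
```

Calling `audit_root_usage(SAMPLE_EVENTS)` yields three findings: the IAM user sign-in and the service event are skipped, while the two root sign-ins and the root access-key call are reported with their reasons.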

By following the best practices above, your organization is one step closer to becoming SOC 2 compliant.

Helping You Get There…

To learn more about the AWS root account, security controls, or our SOC 2 reporting services, connect with a member of Boulay’s Risk Advisory Team today. We’re dedicated to helping you get there.

Boulay provides the information in this article for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.
