Mitigating Insider Threats in AWS: A Zero Trust Perspective
Insider Threats continue to be a prevalent risk faced by organizations, one that is further exacerbated by the rising security complexity in the cloud. There is a general lack of academic research at the intersection of Insider Threats, Cloud and Zero Trust. This paper investigates the implementation of Zero Trust Architecture(s) through a simulated workload deployment onto Amazon Web Services (AWS). The simulated workload mimics a typical cloud-native (AWS) organization that has most of its computing tasks deployed onto AWS. The deployed architecture adopts design principles from the Payment Card Industry Data Security Standard (PCI-DSS) while maintaining alignment to Zero Trust whenever possible. A total of 5 different Insider Threat Scenarios were developed and emulated within the environment. Observations of how various AWS service controls reacted when these activities were emulated were captured and evaluated. Recommendations, in alignment with Zero Trust, are then put forth to guide cloud adopters in strengthening their deployment’s defense capabilities against Insider Threats.