Amazon has significantly boosted the security of Amazon Redshift, its popular data warehousing solution, to prevent data breaches stemming from misconfigurations and insecure default settings.
Redshift, a competitor to Google BigQuery, Snowflake, and Azure Synapse Analytics, is prized for its petabyte-scale data handling, performance, scalability, and cost-effectiveness.
However, inadequate configurations have led to major incidents, such as the Medibank ransomware attack in October 2022, reportedly involving access to their Redshift platform.
To address these vulnerabilities and prevent data breaches, AWS introduced three crucial security defaults for new provisioned clusters:
First, public access is now restricted by default, confining new clusters within the user’s Virtual Private Cloud (VPC). Direct external access is blocked unless explicitly enabled, so any access must be granted deliberately through security groups and network access control lists (ACLs).
Second, encryption at rest is enabled by default for all clusters. Users may specify their own encryption key; if none is given, an AWS-owned Key Management Service (KMS) key is used. Existing unencrypted clusters used for data sharing require both producer and consumer clusters to be encrypted to avoid disruptions.
Third, secure SSL (TLS) connections are enforced by default for all new and restored clusters, mitigating data interception and man-in-the-middle attacks. Users with custom parameter groups should manually enable SSL.
These changes affect newly created provisioned clusters, serverless workgroups, and restored clusters; existing setups remain unaffected initially. AWS strongly advises customers to review and update their configurations to align with these new defaults.
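The review AWS recommends can be scripted. The following is an added example, not code from AWS or the announcement: it checks clusters against the three defaults (public accessibility, encryption at rest, and the `require_ssl` parameter in the attached parameter group) using constructed sample data shaped like the boto3 `describe_clusters` and `describe_cluster_parameters` responses, with an optional live-account variant at the end.

```python
"""Audit Amazon Redshift provisioned clusters against the three new defaults:
no public access, encryption at rest, and TLS enforced via require_ssl."""

# Constructed sample data, modelled on the shape of boto3 describe_clusters()
# and describe_cluster_parameters() responses. Not real clusters.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "PubliclyAccessible": False,
     "Encrypted": True, "ClusterParameterGroups": [{"ParameterGroupName": "prod-pg"}]},
    {"ClusterIdentifier": "legacy-reporting", "PubliclyAccessible": True,
     "Encrypted": False, "ClusterParameterGroups": [{"ParameterGroupName": "legacy-pg"}]},
]
SAMPLE_PARAMETERS = {
    "prod-pg": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
    "legacy-pg": [{"ParameterName": "require_ssl", "ParameterValue": "false"}],
}


def require_ssl_enabled(parameters):
    """True only if the parameter group explicitly sets require_ssl = true."""
    for p in parameters:
        if p.get("ParameterName") == "require_ssl":
            return str(p.get("ParameterValue", "false")).lower() == "true"
    return False  # parameter absent: treat as not enforced


def audit_clusters(clusters, parameters_by_group):
    """Return {cluster_id: [findings]} for clusters missing any of the defaults."""
    findings = {}
    for c in clusters:
        issues = []
        if c.get("PubliclyAccessible"):
            issues.append("publicly accessible")
        if not c.get("Encrypted"):
            issues.append("not encrypted at rest")
        groups = [g["ParameterGroupName"] for g in c.get("ClusterParameterGroups", [])]
        if not any(require_ssl_enabled(parameters_by_group.get(g, [])) for g in groups):
            issues.append("require_ssl not enforced")
        if issues:
            findings[c["ClusterIdentifier"]] = issues
    return findings


def audit_live_account(region_name="us-east-1"):
    """Same audit against a real account; needs boto3 and AWS credentials (assumed)."""
    import boto3
    rs = boto3.client("redshift", region_name=region_name)
    clusters = [c for page in rs.get_paginator("describe_clusters").paginate()
                for c in page["Clusters"]]
    params = {}
    for c in clusters:
        for g in c.get("ClusterParameterGroups", []):
            name = g["ParameterGroupName"]
            params.setdefault(name, [p for page in rs.get_paginator(
                "describe_cluster_parameters").paginate(ParameterGroupName=name)
                for p in page["Parameters"]])
    return audit_clusters(clusters, params)
```

Run against the sample data, only `legacy-reporting` is flagged, with all three findings.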
“We recommend that all Amazon Redshift customers review their current configurations for this service and consider implementing the new security measures across their applications,” states the AWS announcement.
“These security enhancements could impact existing workflows that rely on public access, unencrypted clusters, or non-SSL connections.” AWS provides support and guidance through its online Management Guide and AWS Support.