There are nine key areas where AWS’s focus on security becomes apparent:
1. Accreditations:
Organizations need to be compliant with different security certifications, and it can be a tedious, costly, and time-consuming process to secure all the needed ones on one’s own.
With AWS Cloud, you don’t have to bother. AWS supports more security standards and compliances than any other cloud platform, and it makes it easy to inherit these compliance controls. Users can use this to get compliant with the world’s strictest security accreditations, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171. This enables customers to meet compliance requirements for almost any regulatory agency around the globe.
AWS simplifies the process and makes it economical for you to earn and become compliant with world-class security standards as per your needs.
2. Physical Security:
Security is not just virtual; you also need a physically secure environment. This means hiring the requisite manpower, setting up and manning CCTV security, discarding end-of-life hardware, etc. Physical security has multiple levels and the cost can be daunting. With inflation and the price of infrastructure, it can pose a significant drain on your budget, were you to be entirely responsible for it.
3. Network Security:
Hackers are getting smarter, and the number of malicious attacks mounted each year will only grow. Be it Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM), IP Spoofing, unauthorized Port Scanning, Packet Sniffing, or Configuration Management, the threats are always present, and the cost of staying vigilant and up-to-date in your systems and processes can be very high. AWS Cloud takes away much of the responsibility.
4. Fault Tolerance:
Disaster can strike at any time, and the consequences for businesses that maintain their infrastructure can be massive. This is why AWS has established a global spread of infrastructure with eight Regions, each in a different seismic zone. In addition, each Region has multiple Availability Zones (AZs). Distribution and replication of your data across multiple Regions, or AZs in the event of specific statutory regulations, ensures your precious workloads are safe in the event of any disaster, from hardware failure to a natural calamity affecting any geography.
5. Visibility:
How do you protect what you don’t know you have? This poster by Stephen Schmidt, Amazon’s Chief Security Officer, neatly sums up the problem that CIOs commonly struggle with.
Taking inventory and conducting annual audits are one way to know what’s in your environment. But AWS gives you an easier way to take your inventory and know the firewall rules, the exact number of servers, storage space, OS, and any other software/hardware in use.
This enhanced level of visibility provides a simpler way to mitigate infrastructure-related risks.
The AWS Management Console gives users a web interface to manage all the resources they are using in their AWS account. And since AWS also supports multi-factor authentication, it ensures properly validated and secure access to the console.
6. Auditable:
All the security mechanisms that AWS provides are audited by third-party auditors before accreditation is granted. Proof of these audits is accessible on AWS under Artifacts, to wit, the Plans, Policies, and Procedures followed by AWS.
AWS also provides users with multiple storage services. Its Simple Storage Service (S3) is a fully managed, supremely scalable, hierarchical service that offers users a choice of storage tiers, which they can opt for depending on how often they access their data and how available they need it to be. Options range from spot instances that come at massively discounted rates for short-term use to S3 Glacier or Deep Glacier for long-term or ultra-long-term archival, ideal for storing logs that may be needed for compliance validation.
7. Transparency:
On AWS, you can choose the audit/certification you need as per your business requirements. AWS artifacts are also available for businesses to use for compliance. These artifacts cover the compliance requirements as taken care of by the CSP. All you need is to manage compliance with security accreditations specific to your business and workloads.
8. Shared responsibility:
Continuing from the previous point, AWS’s approach to security on the cloud is one of shared responsibility. This means that there are some aspects that AWS is responsible for, while others fall under the purview of the user.
AWS Responsibility: AWS manages security and compliance at different levels, depending on the type of cloud deployment you opt for (SaaS, IaaS, or PaaS). Essentially, AWS is responsible for everything from the bare-metal infrastructure to the Hypervisor within the Virtual Machine Environment. This includes:
⦿ Facilities
⦿ Physical Security
⦿ Physical Infrastructure
⦿ Network Infrastructure
⦿ Virtualization Infrastructure
User Responsibility: Users are responsible for how they manage their cloud deployments and protect their data. Thus, they are responsible for security related to:
⦿ Operating System
⦿ Application
⦿ Security groups
⦿ Identity and access management
⦿ Network ACLs
⦿ Network Configuration
⦿ Account Management
9. Familiarity:
Since control objectives in AWS Cloud are similar to the Control Objectives followed in an On-Premises environment, there is a certain degree of familiarity for a broad set of users.
Some of the audited SOC1/2 Control Objectives followed by AWS cover:
⦿ Physical security
⦿ Environment safeguards
⦿ Data integrity, availability, and redundancy
⦿ Incident handling
⦿ Secure data handling: Secure disposal of end-of-life storage devices
⦿ Organizational security
AWS uses ex-AWS employees who are trained on the highest security standards. AWS conducts extensive background checks on employees, and these are regularly evaluated.
Logical security: Access levels are confined to required systems only and the need for access is reevaluated regularly.