How to Manage Security in AWS

Written By: Amar Moturi

Despite AWS being one of the largest cloud computing and storage platforms in the world, I am often asked: “How do I know my data is safe with Amazon?” 

Cloud hosting platforms have significantly different security implications than traditional on-premise infrastructure. When your data and applications are moved to the cloud, the responsibilities of security are now shared between you and AWS.

In AWS terms, this is known as the Shared Security Responsibility Model. AWS takes care of the physical infrastructure of your environment, whereas you are responsible for everything you upload/connect with to the cloud.

The Shared Security Responsibility model makes the operational costs associated with the physical aspect of data hosting much more manageable and flexible. With this model, AWS often makes improvements on the security side with no extra effort needed from you, the end-user.

AWS Shared Responsibility Model

What are AWS’ Security Responsibilities?

  • Protect Global infrastructure
    • Hardware, software, networking, and facilities required to keep all AWS Cloud Services working)
  • Comply with security standards
    • Requirements verified by third party auditors (visit AWS compliance for more info)
  • Security Configs of its ‘managed services’
    • DynamoDB, Relational Database Service, Redshift, EMR, Workspaces and other offerings

What are your Security Responsibilities?

  • Securing Infrastructure as a Service (IaaS)
  • Securing Elastic Compute Cloud (EC2)
    • Security patching of Operating Systems
    • Software/utility security installed on the OS
    • Configuration of Security Groups (instance firewalls)
  • Securing Identity Access Management (IAM) Accounts
    • Segmentation of tasks and privileges
    • Multi-factor Authentication (MFA)
    • SSL/TLS requirement for communication between AWS resources
    • Activity Logging using CloudTrail

 

For more information on the Shared Responsibility model, visit AWS Security Learning.

If your organization is moving to, or already in the cloud, Triden Group’s cloud architects can assist in developing your cloud environment. We offer a full range of cloud solution services from full migration and deployment, to security assessments and configuration.

Visit the link below to learn more:

https://tridengroup.com/services/managed-cloud-services/