Shared Responsibility Model

AWS delivers a highly secure cloud infrastructure that includes a comprehensive set of security controls. Responsibility for security is shared between AWS and the customer:

  • Security of the Cloud – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
  • Security in the Cloud – Customer responsibility is determined by the AWS Cloud services that a customer selects. The choice of services determines the amount of configuration work the customer must perform as part of their security responsibilities.

Challenges

Misconfiguration

Cloud has become the new normal, and organizations are rapidly adopting cloud services or migrating infrastructure to the cloud. However, cloud security remains a major concern. When speaking about security in the cloud, misconfiguration represents the biggest threat to enterprise cloud security. Fortunately, it is also entirely preventable.

A cloud misconfiguration occurs when a cloud-related system, asset or tool has not been set up or configured correctly. Typically, the cause is human error.

Attackers can exploit misconfigured infrastructure to initiate an attack. Some of the most significant and well-publicized data breaches of the last few years have been the result of misconfigured infrastructure in the public cloud.

Top 5 cloud misconfigurations

  • Storage Access
  • Secrets management
  • Permission Control
  • Lack of validation
  • Disabled logging & monitoring
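As an added example (not part of the original page), the following script audits a small, constructed AWS-style resource inventory against the five misconfiguration classes listed above. The inventory format, bucket and policy names, and the environment values are all hypothetical and embedded inline so the check runs offline.

```python
import re

# Environment keys that look like they carry credentials (secrets management check).
SECRET_KEY_PATTERN = re.compile(r"(SECRET|PASSWORD|TOKEN|PRIVATE_KEY)", re.I)

# Constructed sample inventory: names and values are hypothetical, not real resources.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "public-assets", "block_public_access": False, "access_logging": False},
        {"name": "customer-data", "block_public_access": True, "access_logging": True},
    ],
    "policies": [
        {"name": "admin-all", "statements": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
        {"name": "read-logs", "statements": [
            {"Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "*"}]},
    ],
    "env": {"APP_ENV": "prod", "DB_PASSWORD": "example-not-a-real-secret"},
    "changes": [{"id": "chg-1", "validated": True}, {"id": "chg-2", "validated": False}],
    "cloudtrail_enabled": False,
}

def _is_wildcard(value):
    """True when an IAM Action/Resource element (string or list) contains '*'."""
    return "*" in ([value] if isinstance(value, str) else value)

def audit(inventory):
    """Return (category, resource) findings, one per violated control."""
    findings = []
    for bucket in inventory["buckets"]:                       # Storage Access
        if not bucket["block_public_access"]:
            findings.append(("storage_access", bucket["name"]))
        if not bucket["access_logging"]:                      # Logging & monitoring
            findings.append(("logging_monitoring", bucket["name"]))
    for policy in inventory["policies"]:                      # Permission Control
        for stmt in policy["statements"]:
            if (stmt["Effect"] == "Allow" and _is_wildcard(stmt["Action"])
                    and _is_wildcard(stmt["Resource"])):
                findings.append(("permission_control", policy["name"]))
    for key in inventory["env"]:                              # Secrets management
        if SECRET_KEY_PATTERN.search(key):
            findings.append(("secrets_management", key))
    for change in inventory["changes"]:                       # Lack of validation
        if not change["validated"]:
            findings.append(("lack_of_validation", change["id"]))
    if not inventory["cloudtrail_enabled"]:                   # Logging & monitoring
        findings.append(("logging_monitoring", "cloudtrail"))
    return findings

if __name__ == "__main__":
    for category, resource in audit(SAMPLE_INVENTORY):
        print(f"{category:20} {resource}")
```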

Cloud Migration

IT security is a good example of the kind of migration challenges a cloud service customer can face. Most traditional IT environments adopt a perimeter-based, “castles and moats” approach to security, whereas cloud environments are more like modern hotels, where a keycard allows access to certain floors and rooms. Unless the legacy applications that have been developed and deployed for a “castles and moats” security model are reconfigured for the new security model, migrating to the cloud may have an adverse impact on cybersecurity.

Cloud Native Applications

From a security perspective, cloud native applications represent new threat vectors and types of attacks that often would not be seen in an on-premises data center, such as vulnerable container images and repositories with open source risks and malicious file uploads.

Operationally, SecOps wants visibility into open-source risks, while DevOps wants to move fast to deliver value to the business. However, security may depend on older security tools that are not automated for the CI/CD pipeline and workflows, or simply on too many tools. This quickly becomes a challenge.

Cloud Operational Excellence

Cloud operational excellence is the ability to support the development of cloud workloads effectively while also helping the business gain insight into their operations. The result will be continuous improvement in processes and procedures which will deliver true business value.

But how do you achieve operational excellence in the cloud when the business is rapidly deploying new cloud services to be competitive? There could be many teams using the services, and auditors could require compliance. How can you know what access or misconfigurations might be in place?

Cloud Frameworks and Standards

AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads.

It is based on five pillars:

  • Operational excellence
  • Security
  • Reliability
  • Performance efficiency
  • Cost optimization

AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures and implement designs that can scale over time.

Well-Architected Framework helps cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. The framework provides a consistent approach for customers to evaluate architectures and provides guidance to implement designs that scale with your application needs over time.

The Well-Architected Framework therefore helps cloud service customers understand the pros and cons of the decisions they make while building systems in the cloud.

Incorporating these pillars into your architecture helps produce stable and efficient systems, which allows you to focus on other aspects of design, such as functional requirements.