AWS Security and Compliance

We live in a time when any enterprise application is like a castle that needs to be secured and protected. Security becomes even more crucial when the application is deployed on a cloud platform rather than in your on-premises data center. In this chapter, we discuss at a high level how the AWS cloud platform handles security and compliance.

AWS Security

AWS cloud security is much like security in an on-premises data center. Whether organizations run their applications on-premises or in the cloud, the security of the deployed applications is crucial. Security is a core non-functional requirement in most enterprise systems: it deals with accidental leakage, theft, integrity compromise, or deletion of valuable information assets.

How AWS Handles Security

Highly Secured Data Centers

To maintain the trust and confidence of its customers, AWS has implemented comprehensive security mechanisms and safeguards to keep customer data safe. All data is stored in highly secured AWS data centers.

AWS has built its data centers and network architecture to meet the requirements of the most security-sensitive organizations. This means organizations can meet their own security requirements at much lower operational cost. Organizations also inherit the best practices of AWS policies, architecture, and operational processes, which are already built into the AWS core security infrastructure. In this way, AWS satisfies the demands of the most security-sensitive organizations.

Shared Security Model

AWS infrastructure is designed from a cloud architecture perspective, with security best practices in mind. AWS shares security responsibilities with its customers: AWS takes care of the security of the underlying infrastructure, while organizations must take care of the security of the applications they deploy on it.

Layered Security

AWS uses a layered approach to security. It ensures that underlying systems are monitored for potential threats and protected around the clock. AWS environments are continuously audited, with certifications from accreditation bodies across geographies and industry verticals.

AWS Compliance

Another essential foundational concept to understand is how AWS approaches compliance. AWS helps organizations meet compliance requirements for applications deployed on its platform. Compliance requirements vary by country or region. When applications are deployed on AWS, organizations retain complete control and ownership of their applications in that region, so they can set up secure, governance-focused applications and apply AWS compliance and audit features.

Assurance Programs

The following is a partial list of assurance programs with which AWS complies: SOC 1, SOC 2, and SOC 3; the Federal Information Security Management Act (FISMA), the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), and the Federal Risk and Authorization Management Program (FedRAMP); Payment Card Industry Data Security Standard (PCI DSS) Level 1; and various ISO standards such as ISO 9001 and ISO 27001.

Benefits of AWS Security, Identity and Compliance Related Services

What benefits do AWS security, identity, and compliance related services provide to enterprise applications deployed on its platform?

Data Protection

The AWS infrastructure has strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers. AWS also provides services that help protect your data, accounts, and workloads from unauthorized access: data protection services that provide encryption and key management, and threat detection services that continuously monitor your accounts and workloads. The following services help with data protection:

AWS Service                                | Use Cases
Amazon Macie                               | Discover and protect your sensitive data at scale
AWS Key Management Service (KMS)           | Key storage and management
AWS CloudHSM                               | Hardware-based key storage for regulatory compliance
AWS Certificate Manager                    | Provision, manage, and deploy public and private SSL/TLS certificates
AWS Secrets Manager                        | Rotate, manage, and retrieve secrets

Threat detection & continuous monitoring

AWS continuously monitors the network activity and account behavior for any abnormality within your cloud environment and identifies threats. The following services help in threat detection & continuous monitoring:
AWS Service                                | Use Cases
AWS Security Hub                           | Automate AWS security checks and centralize security alerts
Amazon GuardDuty                           | Protect AWS accounts with intelligent threat detection
Amazon Inspector                           | Automate vulnerability management
AWS Config                                 | Record and evaluate configurations of your AWS resources
AWS CloudTrail                             | Track user activity and API usage
AWS IoT Device Defender                    | Security management for IoT devices
Amazon Detective                           | Investigate potential security issues
AWS Elastic Disaster Recovery              | Scalable, cost-effective application recovery to AWS
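CloudTrail records user activity and API usage; the monitoring the paragraph above describes comes down to running detection rules over those records. The following Python script is an added example, not code from the original chapter or from any AWS service: it runs three illustrative rules (root account API use, a successful console login without MFA, and changes to CloudTrail logging itself) over a constructed trail file. The record layout follows CloudTrail's, but the records are constructed samples, not logs captured from a real account, and the rule names and finding format are this example's own choices.

```python
"""Toy detection pass over CloudTrail records (added example).

Assumptions: the three rules below are illustrative starting points, not
GuardDuty or Security Hub finding types, and the records are constructed
samples that follow the CloudTrail record layout rather than logs captured
from a real account.
"""
import json

# Constructed sample trail file: one ordinary login, one login without MFA,
# one root API call, one attempt to switch off logging, one routine read.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T11:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333"}},
    {"eventTime": "2024-01-01T11:30:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "management-trail"}},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ReadOnly/ci"}},
]})

# API calls that weaken or disable the audit trail itself.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _actor(identity):
    """Best available name for the principal behind a record."""
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")


def rule_root_activity(rec):
    """Root should not be used for day-to-day API calls."""
    if rec.get("userIdentity", {}).get("type") == "Root":
        return "root account used for API call"
    return None


def rule_console_login_without_mfa(rec):
    """Successful console sign-in where no MFA factor was presented."""
    if rec.get("eventName") != "ConsoleLogin":
        return None
    if rec.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return None  # failed logins belong to a separate brute-force rule
    if rec.get("additionalEventData", {}).get("MFAUsed") != "Yes":
        return "successful console login without MFA"
    return None


def rule_trail_tampering(rec):
    """Any change to CloudTrail configuration deserves a look."""
    if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
            and rec.get("eventName") in TRAIL_TAMPER_EVENTS):
        return "CloudTrail logging modified"
    return None


RULES = (rule_root_activity, rule_console_login_without_mfa, rule_trail_tampering)


def analyze(trail_json):
    """Run every rule over every record; return one finding per rule hit."""
    findings = []
    for rec in json.loads(trail_json)["Records"]:
        for rule in RULES:
            reason = rule(rec)
            if reason:
                findings.append({
                    "rule": rule.__name__,
                    "reason": reason,
                    "actor": _actor(rec.get("userIdentity", {})),
                    "event": rec.get("eventName"),
                    "time": rec.get("eventTime"),
                    "source_ip": rec.get("sourceIPAddress"),
                })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_TRAIL):
        print(finding)
```

Against the constructed sample the pass yields three findings: bob's login without MFA, the root account creating an IAM user, and bob stopping the trail. In practice the same loop would read the gzipped JSON objects CloudTrail delivers to S3, and the source IP shared by the last three events is the kind of pivot Amazon Detective is meant to help with.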

Identity & Access Management

AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. The following services help in identity & access management:
AWS Service                                | Use Cases
AWS Identity & Access Management (IAM)     | Securely manage access to services and resources
AWS Single Sign-On                         | Cloud single sign-on (SSO) service
Amazon Cognito                             | Identity management for your apps
AWS Directory Service                      | Managed Microsoft Active Directory
AWS Resource Access Manager                | Simple, secure service to share AWS resources
AWS Organizations                          | Central governance and management across AWS accounts
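IAM decides every request by evaluating the policies attached to the caller: an explicit Deny always wins, an Allow grants access, and anything not matched is implicitly denied. The Python below is an added example, not the chapter's code and not AWS's evaluator; it implements that decision order for a constructed pair of policies (a read-only grant plus a Deny guardrail on a secrets prefix) and also flags Allow statements that grant every action on every resource. It supports only identity-based policies with Effect, Action and Resource and the `*` and `?` wildcards; conditions, NotAction, resource policies, service control policies and permission boundaries are deliberately out of scope.

```python
"""Simplified IAM policy evaluation (added example, not AWS's evaluator).

Assumptions: identity-based policies only, Effect/Action/Resource only,
'*' and '?' wildcards only. Conditions, NotAction, resource policies,
SCPs and permission boundaries are not modelled. The policies are
constructed samples for one hypothetical principal.
"""
import re

# Constructed sample policies attached to one hypothetical IAM principal.
SAMPLE_POLICIES = [
    {   # Read-only access to one bucket, plus EC2 describe calls
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]},
            {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        ],
    },
    {   # Guardrail: nobody touches the secrets prefix, even if allowed elsewhere
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny", "Action": "s3:*",
             "Resource": "arn:aws:s3:::app-data/secrets/*"},
        ],
    },
]


def _as_list(value):
    """IAM lets Action and Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, ignore_case=False):
    """IAM-style glob: '*' matches any run of characters, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags=flags) is not None


def _statement_applies(stmt, action, resource):
    """Action names are case-insensitive in IAM; resource ARNs are not."""
    action_hit = any(_wildcard_match(p, action, ignore_case=True)
                     for p in _as_list(stmt.get("Action", [])))
    resource_hit = any(_wildcard_match(p, resource)
                       for p in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"  # Deny always wins; stop here
            allowed = True
    return "allow" if allowed else "implicit_deny"


def overly_broad_statements(policies):
    """Flag Allow statements that grant every action on every resource."""
    findings = []
    for policy in policies:
        for stmt in policy["Statement"]:
            if (stmt["Effect"] == "Allow"
                    and "*" in _as_list(stmt.get("Action", []))
                    and "*" in _as_list(stmt.get("Resource", []))):
                findings.append(stmt)
    return findings


if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::app-data/reports/q1.csv"),
                     ("s3:GetObject", "arn:aws:s3:::app-data/secrets/db.json"),
                     ("s3:DeleteObject", "arn:aws:s3:::app-data/reports/q1.csv")]:
        print(act, res, "->", evaluate(SAMPLE_POLICIES, act, res))
```

The guardrail shows why a Deny statement is the right tool for an organisation-wide rule: the first policy allows `s3:GetObject` on the whole bucket, yet a read under `secrets/` still comes back as an explicit deny, and no later Allow can override it.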

Compliance & data privacy

AWS manages dozens of compliance programs in its infrastructure. AWS provides a comprehensive view of your AWS IT environment with regard to compliance status. It does this by continuously monitoring your environment using automated compliance checks based on AWS best practices and industry standards. The following services help in compliance & data privacy:

AWS Service                                | Use Cases
AWS Artifact                               | No-cost, self-service portal for on-demand access to AWS compliance reports
AWS Audit Manager                          | Continuously audit your AWS usage to simplify how you assess risk and compliance

Network & Application Protection

Network and application protection services help you manage fine-grained security policy at different network boundaries across your AWS IT environment. For example, AWS services help you inspect and filter traffic to prevent unauthorized resource access at the host, network, and application boundaries.

AWS Service                                | Use Cases
AWS Network Firewall                       | Network security
AWS Shield                                 | DDoS protection
Amazon Route 53 Resolver DNS Firewall      | Filter and control outbound DNS traffic for your VPCs
AWS Web Application Firewall (WAF)         | Filter malicious web traffic
AWS Firewall Manager                       | Central management of firewall rules
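The automated compliance checks mentioned in the compliance section, and the host-boundary filtering mentioned just above, meet in configuration rules of the kind AWS Config evaluates: each recorded resource is marked COMPLIANT or NON_COMPLIANT against a best-practice rule. The Python below is an added example and not the chapter's code, AWS Config's rule engine, or one of its managed rules. It evaluates three illustrative rules (no admin port open to the whole internet in a security group, all four S3 public-access-block settings enabled, EBS volumes encrypted) over constructed resource records shaped loosely like Config configuration items; the field names follow Config's but the records are samples, not an export from a real account.

```python
"""Config-style automated compliance checks (added example).

Assumptions: not the AWS Config rule engine or its managed rules; the
three rules are illustrative choices and the records below are constructed
samples shaped loosely like configuration items, not a real export.
"""
import ipaddress

# Constructed sample configuration items (not exported from a real account).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0a1b2c3d",
     "configuration": {"ipPermissions": [
         {"fromPort": 22, "toPort": 22, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]},
         {"fromPort": 443, "toPort": 443, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0f9e8d7c",
     "configuration": {"ipPermissions": [
         {"fromPort": 22, "toPort": 22, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "10.0.0.0/8"}]}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "app-data",
     "supplementaryConfiguration": {"PublicAccessBlockConfiguration": {
         "blockPublicAcls": True, "ignorePublicAcls": True,
         "blockPublicPolicy": True, "restrictPublicBuckets": True}}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "public-assets",
     "supplementaryConfiguration": {"PublicAccessBlockConfiguration": {
         "blockPublicAcls": False, "ignorePublicAcls": False,
         "blockPublicPolicy": False, "restrictPublicBuckets": False}}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-01",
     "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-02",
     "configuration": {"encrypted": False}},
]

# Ports that should never be reachable from the whole internet (SSH, RDP).
ADMIN_PORTS = {22, 3389}


def _is_unrestricted(cidr):
    """True for 0.0.0.0/0 (any IPv4) or ::/0 (any IPv6)."""
    return ipaddress.ip_network(cidr).prefixlen == 0


def check_security_group(item):
    """NON_COMPLIANT if an admin port is reachable from an unrestricted range."""
    for perm in item["configuration"].get("ipPermissions", []):
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        ranges = ([r["cidrIp"] for r in perm.get("ipRanges", [])]
                  + [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])])
        open_to_world = any(_is_unrestricted(c) for c in ranges)
        # ipProtocol "-1" means all traffic, in which case ports are absent
        covers_admin = (perm.get("ipProtocol") == "-1"
                        or (lo is not None and any(lo <= p <= hi for p in ADMIN_PORTS)))
        if open_to_world and covers_admin:
            return "NON_COMPLIANT"
    return "COMPLIANT"


def check_bucket(item):
    """All four public-access-block settings must be on."""
    pab = item.get("supplementaryConfiguration", {}).get(
        "PublicAccessBlockConfiguration", {})
    keys = ("blockPublicAcls", "ignorePublicAcls",
            "blockPublicPolicy", "restrictPublicBuckets")
    return "COMPLIANT" if all(pab.get(k) for k in keys) else "NON_COMPLIANT"


def check_volume(item):
    """Volumes must be encrypted at rest."""
    return "COMPLIANT" if item["configuration"].get("encrypted") else "NON_COMPLIANT"


RULES = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_bucket,
    "AWS::EC2::Volume": check_volume,
}


def evaluate_all(items):
    """Map each resource id to its result; types without a rule are NOT_APPLICABLE."""
    return {item["resourceId"]: RULES.get(item["resourceType"],
                                          lambda _: "NOT_APPLICABLE")(item)
            for item in items}


if __name__ == "__main__":
    for resource_id, result in evaluate_all(SAMPLE_ITEMS).items():
        print(f"{resource_id}: {result}")
```

Note that the first security group is non-compliant only because of its port 22 rule; HTTPS open to the world is normal for a public endpoint, so the check looks at which ports are exposed rather than at the 0.0.0.0/0 range alone. In a real deployment the results would be reported back through Config's PutEvaluations API so that Security Hub can aggregate them.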

Saves Cost

Customers save on cost because they do not have to manage on-premises security. The reason is that the security of the underlying infrastructure is addressed in AWS data centers.

Scale Quickly

Security scales based on the AWS cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.

AWS Artifact

AWS Artifact is a central place for the compliance-related information that matters to you. It provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact is a portal through which an enterprise can access security and compliance reports related to the AWS public cloud.

The following reports are available in AWS Artifact: SOC (Service Organization Control) reports, PCI (Payment Card Industry) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

These reports can also guide team members, such as developers, to ensure that they adhere to these standards. Additionally, a user can download reports and other internal AWS documents via Artifact to ensure and demonstrate to auditors or regulators that the AWS offerings meet security and compliance standards.
