“Even a computer is loaded with a virus protection and security system to ward off unnecessary damages!”
Security is only a state of mind when it comes to migrating applications to the Cloud, and constant evolution in operations is the best way of securing the environment.
As such, this represents a unique opportunity for organisations and the leaders in the Cloud industry to cross-pollinate knowledge with customers to enable growth and innovation through the power of Cloud.
The AWS Meetup by BlazeClan, held in the fourth week of December in Pune, brought together a packed room of Cloud leaders and technology evangelists to exchange knowledge and resources on AWS Security and best practices.
Here are 7 key takeaways on Security and its best practices that will get you started as your organisation continues to adapt to the paradigm shift in technology.
- Feel secure on AWS
The ever-evolving technology and services of Amazon Web Services have made it easier for organisations to secure their accounts, infrastructure, Operating Systems, Applications and Data, along with categorization of assets and monitoring. The existing and newly introduced services can greatly help in securing your infrastructure on AWS Cloud.
- AWS services to be used to secure AWS environment
Organisational policies, or industry regulations, might require the use of AWS services to protect your data on the AWS environment. Amazon Web Services (AWS) allows you to choose from a variety of native services to meet the need to secure the environment. This includes services such as:
  - AWS Trusted Advisor
  - AWS Identity and Access Management (IAM)
  - AWS CloudTrail
  - VPC Flow Logs
  - AWS Config
  - AWS Service Catalog
  - Amazon Machine Images (AMI)
  - AWS CloudFormation
  - Amazon Inspector
  - AWS WAF
- Updating security policies
While security governance is important for all organisations, it is a best practice to enforce security policies and to keep updating these policies with security layers, so that no gaps open up over time.
- Monitor and Analyse security threats
Create and implement a monitoring plan to analyse security threats in your AWS environment, using AWS monitoring tools together with a strategic SIEM solution, to protect the services running on AWS and to easily debug a multi-point failure if it occurs.
- Design for failure
To protect the availability of your application, it is necessary to design an environment that can handle DDoS attacks. AWS infrastructure is DDoS-resilient by design and is supported by DDoS mitigation systems that can automatically detect and filter excess traffic.
- Encrypting Data
Imposing additional controls, such as protection of data at rest and protection of data in transit, or introducing a layer of opacity between services from AWS and your platform, is a best practice to reduce the damage even if the initial layers are penetrated.
- Penetration testing and environment audits
Periodic audits and regular penetration testing of the security configuration give an opportunity to remove unneeded IAM users, roles, groups, and policies, and to make sure that users and software have only the permissions that are required.
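As an added illustration of such a periodic audit (not code from the meetup or from BlazeClan), the Python below reads an IAM credential report, the CSV that `aws iam get-credential-report` returns, and flags users whose credentials look unneeded. The sample rows are constructed and trimmed to the columns used; the `audit` function name and the 90-day idle threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an IAM credential report
# (trimmed to the columns used here); users and dates are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
alice,arn:aws:iam::111122223333:user/alice,true,2016-12-20T09:15:00+00:00,true,false,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,false,N/A,false,true,2016-12-27T03:00:00+00:00
old-contractor,arn:aws:iam::111122223333:user/old-contractor,true,2016-05-02T11:00:00+00:00,false,true,2016-04-30T08:00:00+00:00
never-used,arn:aws:iam::111122223333:user/never-used,true,no_information,false,false,N/A
"""

def _parse(ts):
    """Return an aware datetime, or None for 'N/A' / 'no_information'."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def audit(report_csv, now, max_idle_days=90):
    """Return {user: [findings]} for stale or weakly protected IAM users."""
    cutoff = now - timedelta(days=max_idle_days)  # threshold is an assumption
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        pw_on = row["password_enabled"] == "true"
        key_on = row["access_key_1_active"] == "true"
        pw_used = _parse(row["password_last_used"])
        key_used = _parse(row["access_key_1_last_used_date"])
        if pw_on and (pw_used is None or pw_used < cutoff):
            issues.append("console password unused")
        if key_on and (key_used is None or key_used < cutoff):
            issues.append("access key unused")
        if pw_on and row["mfa_active"] != "true":
            issues.append("console access without MFA")
        # No enabled credential has been used recently: review for removal.
        last_seen = [t for t in (pw_used, key_used) if t]
        if (pw_on or key_on) and (not last_seen or max(last_seen) < cutoff):
            issues.append("candidate for removal")
        if issues:
            findings[row["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT, datetime.now(timezone.utc)).items():
        print(user, "->", "; ".join(issues))
```

A real report also carries a second access key and rotation columns, which the same checks extend to.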
“73% believe the Cloud Server Firewall is the 1st place to stop attacks and prevent exploits”.
Information security is of paramount importance and if you migrate onto Cloud, Security on Cloud becomes a core functional requirement that protects mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion.
PS: If you have missed the event, the presentation from the event is available here.
We are organising an AWS Meetup on Micro Services Architecture in Pune on Friday, 20th January 2017 and in Mumbai on Friday, 27th January 2017. Keep an eye on our Twitter handle @clouditbetter for more updates!