AWS Cloud Security

Rohit Malik
4 min read · Feb 13, 2022


My job involves advising customers on the most effective ways to build with creative, cutting-edge, and dependable technologies on the AWS cloud. I usually hear the same kinds of questions: Is AWS safe? Is AWS responsible for the security of my application, data, and network? If something goes wrong, will Amazon Web Services (AWS) be held accountable?

To which I always respond: “No, it is not only AWS’s responsibility; your cloud architect, your security team, and your information technology department all have a role to play in developing a secure and trusted system.” AWS will unquestionably assist you in building a secure and robust solution by providing best-in-class services, but it cannot do it alone. In other words, “Cloud security is a shared responsibility.”

Shared Responsibility Model:

You and your cloud service provider have joint responsibility for cloud security.

Customer Responsibility: “Customers are responsible for security ‘in’ the cloud.” Protect your data, comply with regulations, and maintain privacy by implementing a cloud security strategy. Customers are responsible for implementing and maintaining data security, identity and access management, firewall configuration, encryption of data at rest and in transit, data integrity checks and authentication, and network traffic management. In short, customers are responsible for ensuring the confidentiality, integrity, and availability of their own data in the cloud.
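To make the customer’s “in the cloud” duties concrete, here is a small added example (not from the original post, and not AWS code): it evaluates a constructed resource inventory against three of the responsibilities listed above, namely data encryption, firewall (security group) configuration, and identity and access management (MFA on console users). The inventory layout and field names are assumptions for this example; in a real account the same facts would come from AWS Config or the service APIs.

```python
# Added example (not from the original post). Checks a constructed inventory
# for three customer-side controls from the Shared Responsibility Model.
# The INVENTORY structure and its keys are assumptions made for this example.

# Constructed sample data: two S3 buckets, two security groups, two IAM users.
INVENTORY = {
    "s3_buckets": [
        {"name": "app-logs", "default_encryption": "aws:kms"},
        {"name": "exports", "default_encryption": None},
    ],
    "security_groups": [
        {"id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "ingress": [{"port": 3306, "cidr": "0.0.0.0/0"}]},
    ],
    "iam_users": [
        {"name": "alice", "console_login": True, "mfa_enabled": True},
        {"name": "bob", "console_login": True, "mfa_enabled": False},
    ],
}

# Ports that may reasonably be reachable from the whole internet (web traffic only).
PUBLIC_OK_PORTS = {80, 443}


def evaluate(inventory):
    """Return a list of (control, resource, finding) tuples for failed checks."""
    findings = []
    # Data encryption: every bucket should have default encryption configured.
    for bucket in inventory["s3_buckets"]:
        if not bucket["default_encryption"]:
            findings.append(("encryption", bucket["name"], "no default encryption"))
    # Firewall configuration: no non-web port should be open to 0.0.0.0/0.
    for sg in inventory["security_groups"]:
        for rule in sg["ingress"]:
            if rule["cidr"] == "0.0.0.0/0" and rule["port"] not in PUBLIC_OK_PORTS:
                findings.append(("firewall", sg["id"],
                                 f"port {rule['port']} open to 0.0.0.0/0"))
    # Identity and access management: console users must have MFA enabled.
    for user in inventory["iam_users"]:
        if user["console_login"] and not user["mfa_enabled"]:
            findings.append(("iam", user["name"], "console login without MFA"))
    return findings


if __name__ == "__main__":
    for control, resource, finding in evaluate(INVENTORY):
        print(f"[{control}] {resource}: {finding}")
```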

AWS Responsibility: “AWS is responsible for security ‘of’ the cloud.” All of the services supplied by AWS depend on the infrastructure that runs them, and AWS is responsible for securing that infrastructure. Infrastructure here means the physical components of the system, such as hardware, software, networking, and facilities (the data centres), that support the operation of AWS Cloud services.

Source: https://aws.amazon.com/compliance/shared-responsibility-model/

The next question they ask is whether AWS adheres to industry standards in the same way that we do in our own data centre and IT operations, and I usually respond affirmatively, stating that AWS not only maintains high standards, but also assists customers in meeting compliance requirements.

Customers can learn about AWS’s security and regulatory compliance measures through the AWS Compliance Program, which helps clients establish and operate in an AWS security control environment.

AWS Compliance Program: https://aws.amazon.com/compliance/programs/

Now we understand that AWS offers world-class secure infrastructure and is responsible for security “of” the cloud. However, one key question remains: how can we, as customers, ensure the security of our applications, networks, and data in the cloud?

AWS offers a wide range of security services, each tailored to a specific security concern/risk.

Please click here for additional information: https://aws.amazon.com/products/security

AWS provides the following Security, identity, and compliance services:

Data Protection: AWS offers services to help you safeguard your data, accounts, and workloads from unauthorized access. AWS data protection services include encryption, key management, and threat detection that monitors and protects your accounts and workloads in real time.

- Amazon Macie: discover and protect your sensitive data at scale
- AWS Key Management Service (KMS): key storage and management
- AWS CloudHSM: hardware-based key storage for regulatory compliance
- AWS Certificate Manager: provision, manage, and deploy public and private SSL/TLS certificates
- AWS Secrets Manager: rotate, manage, and retrieve secrets

Detection:

- AWS Security Hub: unified security and compliance center
- Amazon GuardDuty: managed threat detection service
- Amazon Inspector: analyze application security
- AWS Config: record and evaluate configurations of your AWS resources
- AWS CloudTrail: track user activity and API usage
- AWS IoT Device Defender: security management for IoT devices

Infrastructure Protection:

- AWS Network Firewall: network security
- AWS Shield: DDoS protection
- AWS Web Application Firewall (WAF): filter malicious web traffic
- AWS Firewall Manager: central management of firewall rules

Incident response:

- Amazon Detective: investigate potential security issues
- CloudEndure Disaster Recovery: fast, automated, cost-effective disaster recovery

Compliance:

- AWS Artifact: no-cost, self-service portal for on-demand access to AWS’ compliance reports
- AWS Audit Manager: continuously audit your AWS usage to simplify how you assess risk and compliance

Identity & access management:

- AWS Identity & Access Management (IAM): securely manage access to services and resources
- AWS Single Sign-On: cloud single sign-on (SSO) service
- Amazon Cognito: identity management for your apps
- AWS Directory Service: managed Microsoft Active Directory
- AWS Resource Access Manager: simple, secure service to share AWS resources
- AWS Organizations: central governance and management across AWS accounts
