Identity and Access Management: Permissions and Identification

The AWS Well-Architected Framework is a system used to identify the at-risk areas in your company’s infrastructure. It assesses your applications against its five pillars: operational excellence, security, reliability, performance efficiency, and cost optimisation.

Why are Identity and Access Management Important?
For your cloud-based systems to operate safely, the right people must have access to the resources meant for them. Granting access to users, or to other applications, opens up the potential for security threats if the proper measures aren’t in place. Identity management and permissions management are the two best ways to control human and machine access.

Identity Management
It’s best to manage identity access in a centralised way, meaning that you use one identity provider to grant access for multiple platforms. If you need to deny access to someone (like an employee leaving the company) you can instantly revoke their ability to view sensitive information. These could include company calendars, email accounts, AWS services and more. By centralising access, it becomes easier to track and control who has permission to view and change data.

When dealing with AWS, both humans and machines require unique identities to access these services. To keep track of who or what has access to which applications and information, group users with similar security access requirements together. This makes it easier to manage large numbers of users within an organisation, because settings can be changed by group membership rather than for each individual.

Permissions Management
Permissions are essential to security, the second pillar of the AWS Well-Architected Framework. By creating permission boundaries and granting least-privilege access, you restrict what users and administrators can do to only what is necessary.

AWS supports attribute-based access control (ABAC), which lets you grant access based on specific attributes called tags. Building these tags into your management strategy ahead of time means permissions are applied automatically as a project unfolds, rather than you manually updating a policy part way through. This creates an efficient way to handle multi-user and developer access while still maintaining a secure cloud-based system.
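Added example, not WOLK’s or AWS’s own code, of the tag-based access described above: an IAM policy whose condition matches the resource’s `project` tag against the caller’s own `project` tag through the `${aws:PrincipalTag/project}` policy variable, plus a deliberately simplified evaluator (StringEquals and policy-variable substitution only) that shows why a newly tagged resource is covered without editing the policy. The account id, tag name, ARNs and actions are assumptions; the condition keys are the real IAM ones.

```python
"""Tag-based (ABAC) IAM policy and a simplified evaluator for its condition.

The evaluator models only the `StringEquals` operator with policy-variable
substitution. Real IAM evaluation has many more rules (explicit Deny, SCPs,
permission boundaries, IfExists variants), which are intentionally omitted.
"""
import re

# Condition keys are real IAM keys; the account id, tag and actions are made up.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ManageOwnProjectInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:*:111122223333:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
                }
            },
        }
    ],
}

_VAR = re.compile(r"\$\{([^}]+)\}")


def _resolve(value, ctx):
    """Substitute ${key} policy variables from the request context."""
    return _VAR.sub(lambda m: ctx.get(m.group(1), ""), value)


def _condition_matches(condition, ctx):
    """StringEquals only: every listed key must exist and equal its (resolved) value."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(operator)  # keep the model honest
        for key, expected in pairs.items():
            if key not in ctx:
                return False  # a missing key never satisfies StringEquals
            if ctx[key] != _resolve(expected, ctx):
                return False
    return True


def _arn_matches(pattern, arn):
    """Match an IAM resource pattern where '*' is a wildcard."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), arn) is not None


def is_allowed(policy, action, resource_arn, ctx):
    """Return True if some Allow statement covers the request (Deny not modelled)."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] != "Allow" or action not in actions:
            continue
        if not _arn_matches(stmt["Resource"], resource_arn):
            continue
        if _condition_matches(stmt.get("Condition", {}), ctx):
            return True
    return False


def request_context(principal_tags, resource_tags):
    """Build the condition-key context IAM would see for one request."""
    ctx = {f"aws:PrincipalTag/{k}": v for k, v in principal_tags.items()}
    ctx.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    return ctx


if __name__ == "__main__":
    dev = {"project": "alpha"}  # tag carried by the calling IAM principal
    arn = "arn:aws:ec2:eu-west-2:111122223333:instance/i-0abc"
    # A new instance tagged project=alpha is reachable with no policy change.
    print(is_allowed(ABAC_POLICY, "ec2:StopInstances", arn, request_context(dev, {"project": "alpha"})))
    print(is_allowed(ABAC_POLICY, "ec2:StopInstances", arn, request_context(dev, {"project": "beta"})))
    print(is_allowed(ABAC_POLICY, "ec2:StopInstances", arn, request_context(dev, {})))
```

The untagged-resource case fails closed, which is why consistent tagging at creation time is a prerequisite for ABAC.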

Work with WOLK
If you’re interested in improving your cloud-based security, work with WOLK. As a leading partner of the AWS Well-Architected Program, our review process draws attention to the areas of risk in your system so you can take the necessary steps to strengthen your security measures.

The 7 Design Principles for Cloud Security Under AWS

Security, the second pillar of the AWS Well-Architected Framework, contains seven design principles. By adhering to these guidelines, you can increase the strength of your cloud security, and protect your data.

The design principles encompass the ideas of foundation, preparation, and automation.

1. Implement a Strong Identity Foundation

A strong identity foundation is critical to maintaining safe data. Utilise the principle of least privilege by allowing each team member the minimum amount of access necessary for their work.

You should also centralise your identity management and try to reduce using static credentials.

2. Enable Traceability

It’s easier to find problems when you have a tracing system already in place. By monitoring your workload and applications in real time, you also receive alerts at the moment something breaks through your security.

3. Apply Security at All Layers

Every layer and level of your workload and applications should be secure. Just because it’s an internal system doesn’t mean it’s safe.

4. Automate Security Best Practices

Automation lessens the likelihood of human error. Automated security sweeps can be set to run at regular intervals, and will automatically alert the correct team member when there is a problem.

5. Protect Data in Transit and at Rest

Your data should always be secure, even when it’s within your systems. Use a classification system that all team members understand, to determine what level of security your data needs.

Based on its classification, data should be secured using encryption, tokenisation, or access control. If you’ve automated your security best practices, your security system can sort the data itself.

6. Keep People Away from Data

In addition to the principle of least privilege, you should also use tools that help to lower the need for human access to data. Human error can cause security breaches or loss of data.

7. Prepare for Security Events

Prepare your systems and teams for a future security event. Following your organisational best practices, create an incident management and investigation policy. Train all team members in your response policy by running drills.

Schedule a Well-Architected Review
To ensure your data is as secure as possible, consider working with an AWS Well-Architected Partner. WOLK can identify any outstanding high-risk items and mitigate them for you.

Once you’ve completed a Well-Architected Review, you can continue to maintain the highest level of security possible by adhering to the seven design principles of the security pillar.

Detecting Security Problems Using AWS

AWS is a subsidiary of Amazon providing cloud computing platforms. WOLK is certified to provide AWS Well-Architected Reviews and can track your IT performance around the clock to tackle any interruptions before they impact your business. Detecting security problems is critical to the success of your business.

The AWS Well-Architected Framework operates on the five pillars of Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimisation. Security, the second pillar, refers to protecting your data, systems and assets. Security practices must be in place before you architect a workload.

What does it mean to architect a workload? A workload is a collection of data and code that is integral to a business, planned, built and scaled in a way that meets the guidelines set out by Amazon. The AWS cloud can execute automated responses to security issues.

Security: The Second Pillar

Within the pillar of security, seven design concepts can strengthen the security of AWS systems.

1. Implement a strong identity foundation means you should eliminate the use of long-term static credentials. Ensure there is separation of duties among the personnel authorised to interact with AWS systems.

2. Keep people away from data suggests that you mitigate the risk for human error by reducing or eliminating manual processing of data. Use the automated tools available instead.

3. Prepare for security events by acting out simulated response situations.

4. Protect data in transit and at rest by organising it by level of sensitivity. Use access control and encryption for additional protection.

5. Automate security best practices to acquire a quicker response time when a security threat is detected.

6. Apply security at all layers by using multiple security controls.

7. Enable traceability by tracking changes in real-time so you can take action immediately if a security threat is detected.

Your security comprises five core components:

● Identity and access management
● Detection
● Infrastructure protection
● Data protection
● Incident response

Detecting Security Problems

Detection is critical in enabling you to identify a security threat or misbehaviour. Detective mechanisms are part of the threat identification and response effort and can include elements like analysing logs from your workload.

Performing vulnerability management is vital in detecting security problems promptly. Scan for vulnerabilities in your digital infrastructure by using a third-party static code analysis tool or a third-party dependency checking tool.

Validating the integrity of your software can also help in detecting security problems. To do this, you’ll want to implement mechanisms that confirm software, code and libraries that are part of the workload are from a trusted source.

Identify Your Areas of Risk

WOLK is a leading partner of the AWS Well-Architected Review Program and can provide a review that identifies high-risk items for your company. You’ll receive an AWS service credit that will cover the majority of high-risk items during the remediation stage.

What are the basic components of security under AWS?

The AWS Well-Architected Framework consists of five pillars. Security, the second pillar, focuses on protecting your data, systems, and assets using cloud technology.

The security pillar includes seven design principles and six best practice areas. By following the guidelines laid out in this pillar, you can keep your data safe and secure.

Best Practice: Security
Keeping your workload secure is an essential part of using cloud technology. The AWS Well-Architected Framework details the best practices you should follow when focusing on security.

Organise Based on Security Requirement
Organise your accounts and workloads from a security point of view, rather than following the existing structure of your company. You can simplify the security process by grouping accounts that need similar security procedures.

Identify and validate control objectives, using your compliance guidelines and any high-risk items discovered by a Well-Architected Review. Continue to schedule reviews of your control objectives, and update them when necessary.

Secure your AWS Account
Make sure your AWS account is fully secure. Use multi-factor authentication (MFA), avoid using the root user for day-to-day work, and configure your account contacts.
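Added example, not WOLK’s or AWS’s own code, tying the traceability and log-analysis advice above to the two account-hardening points just made: detection logic run over constructed CloudTrail records that flags interactive root-user activity and successful console sign-ins made without MFA. Both rules are modelled on the CIS AWS Foundations Benchmark metric filters for those events; the account id, user names and timestamps are made-up sample data.

```python
"""Two CloudTrail detections: root-user activity and console logins without MFA.

The field names (userIdentity.type, additionalEventData.MFAUsed,
responseElements.ConsoleLogin, userIdentity.invokedBy) are real CloudTrail
fields; the records below are constructed samples, not real log data.
"""
import json

# Constructed CloudTrail events carrying only the fields the rules inspect.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T08:00:12Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-01T08:05:40Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-01T09:12:03Z", "eventName": "CreateUser",
     "eventSource": "iam.amazonaws.com", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-05-01T09:30:00Z", "eventName": "DescribeInstances",
     "eventSource": "ec2.amazonaws.com", "eventType": "AwsApiCall",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/ci"}},
    # Root identity invoked by an AWS service on the account's behalf: excluded,
    # as in the CIS filter, so service activity does not drown real root usage.
    {"eventTime": "2024-05-01T10:00:00Z", "eventName": "PutObject",
     "eventSource": "s3.amazonaws.com", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root",
                      "invokedBy": "config.amazonaws.com"}},
]


def root_usage(event):
    """CIS-style rule: interactive root activity, excluding service-invoked calls."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def console_login_without_mfa(event):
    """CIS-style rule: a successful console sign-in where MFA was not used."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and event.get("additionalEventData", {}).get("MFAUsed") != "Yes")


RULES = {"root-usage": root_usage, "console-login-no-mfa": console_login_without_mfa}


def scan(events):
    """Return one finding per (rule, event) match, in event order."""
    findings = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                findings.append({"rule": name, "time": ev["eventTime"],
                                 "actor": ev["userIdentity"]["arn"],
                                 "event": ev["eventName"]})
    return findings


def scan_jsonl(lines):
    """Same scan over newline-delimited JSON, the shape a log pipeline hands over."""
    return scan(json.loads(line) for line in lines if line.strip())


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

In production the same predicates would sit behind a CloudWatch metric filter or an EventBridge rule so the alert fires as the event arrives, not on a later batch scan.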

Stay Updated
Security risks are continually changing and evolving. Be sure to schedule regular meetings to review new threats and how to mitigate them.

Security recommendations are always changing. Be diligent in following the latest suggestions by subscribing to AWS Updates and the AWS Security blog. Consider consulting with outside experts at regular intervals to ensure your security is up to date.

Use a Threat Model
Create a threat model to identify new and existing risks. Once identified, prioritise the risks and address them as needed. Be sure to keep your threat model updated to reflect new security recommendations.

Automate
Automation lessens the possibility of human error. Create an automated testing service that lets you check the security of your systems quickly.

Build the automated testing services directly into your systems and processes. Once built-in, these testing services can continuously check for threats and breaches, and alert you if there is a problem.

AWS Partners
AWS Partners regularly release security updates that can help you keep your data safe.

WOLK, a long term AWS Partner, is always up to date on new threats and security recommendations. To ensure your data is secure, schedule a Well-Architected Review. WOLK will identify and highlight any high-risk items, and mitigate them for you.

Educating Your Teams Through AWS

The AWS Well-Architected Framework is a fantastic tool but must be fully understood by all team members to be as effective as possible.

AWS Support offers a variety of options to help educate your teams about the Well-Architected Framework.

AWS Knowledge Center
The AWS Knowledge Center compiles FAQs for many of Amazon’s most popular web services. If your teams are unsure about certain aspects of AWS, they should start with the Knowledge Center.

AWS offers services from security to cloud services, to messaging. Before delving into the Well-Architected Framework’s specifics, the Knowledge Center can help your team members get a feel for what AWS is all about.

AWS Documentation
For more specific details about the Well-Architected Framework, including information about each pillar and how to best achieve them, have your team members visit the AWS Documentation pages.

They include whitepapers with a general overview of the Framework, as well as detailed descriptions of each of the five pillars.

There are also helpful answers to FAQs that your teams might have about specific best practices.

AWS Compliance
Compliance with the Framework is vital to ensuring your company runs as smoothly as possible. To educate your teams on how to achieve and maintain compliance, direct them to the AWS Compliance page.

There, they can find guides on specific compliance actions and handbooks focusing on particular areas of the Framework.

AWS Discussions
If a member of your team has a question that is too specific for general FAQs and guidebooks, post the question at AWS Discussions. In this forum, your team members can interact with AWS staff and other users of the Well-Architected Framework.

Your team member might find their answer faster through the AWS Discussions page, especially for narrow or unusual questions.

AWS Training and Certification
To ensure your team is entirely secure in their knowledge of the Well-Architected Framework, consider signing them up for courses through the AWS Training and Certification page.

Particularly for team leads or pivotal team members who work closely with the Framework, a training course provides a solid grounding. Once trained, these team members can answer questions and offer more in-house support.

Work with a Well-Architected Partner
Even after thoroughly educating your team on how to use the Well-Architected Framework, it can be beneficial to check your compliance through a Well-Architected Review.

WOLK is an experienced, knowledgeable partner and can help you to ensure compliance.

Improving Operational Readiness Through AWS

Operational Readiness is vital for your company’s continued growth and productivity levels. Using the AWS Well-Architected Framework, you can maintain and improve your level of operational readiness.

Operational Readiness Review
The AWS Well-Architected Framework recommends scheduling regular reviews to test the operational readiness of your workload, applications, processes, procedures and teams.

Through this review, you can make sure everything in your company is running smoothly, and any new workloads are ready to go live. Regular inspections also allow you to catch recently developed risks and fix them before going live, rather than having to backtrack.

Viewing your Workload as Code
The Well-Architected Framework allows you to view your entire workload as code, including your applications, infrastructure, policies, governance and operations.

Translating everything into code allows you to reduce or even eliminate human error.

Prepare: An Operational Excellence Best Practice
Prepare your workload. Have a clear idea of what your end goal is, and exactly how your workloads and applications will achieve it.

When designing your workload, be sure to include the ability for self-reporting. It helps your teams to easily and quickly access all the information they need.

Create a consistent process to use during every Operational Review. You can compare results directly if you maintain the same test environment.

Best Practices to Improve Your Operational Readiness
Use version-controlled repositories within your workload to track and distribute changes, detect unexpected changes, and quickly revert them. In case of a failure, integrated version control allows you to return to an earlier version of the code or procedure.

Test and validate all changes, even the small ones. By testing at every step, you can identify any problem before it creates havoc. Automate the testing to mitigate human error.

Ensure design standards are the same for all teams. Standard designs, operating practices, checklists and rules make it easier to review your operational readiness across the whole company.

Automation
Automate as much as possible, including configuration management, patch management, and build and deploy systems.

Automation allows testing at precise, regular intervals, makes changes easier to implement, and reduces the amount of effort needed from your team.

Change How you Make Changes
An essential part of the Operational Excellence pillar is making frequent, small, and reversible changes. In addition to helping your overall workload, this concept also improves your operational readiness.

Compliance with AWS Well-Architected Framework Guidelines
The best way to improve your operational readiness is to comply with all the guidelines in the Well-Architected Framework. WOLK can help you by performing a Well-Architected Review.

After WOLK highlights any high-risk items and remediates them, you can continue to improve your operational readiness by using the AWS Well-Architected Framework.

Evolving Your Operations Through AWS

Use the AWS Well-Architected Framework to evolve your operations and ensure your company can take on new challenges.

Operational Excellence, the first pillar of the Well-Architected Framework, prioritises the ability to evolve your code and organisation so you can learn from failure.

Best Practice: Evolve
To evolve the effectiveness and efficiency of your business, the Well-Architected Framework suggests continually making small adjustments.

Instead of having a yearly review and making sweeping and possibly expensive changes, have a team that is constantly evaluating your workload, applications and organisation to ensure they operate at peak efficiency.

Continuous Improvement
Using post-incident analysis, determine what went wrong and outline steps to ensure the same mistakes don’t occur again. Make all teams aware of the problem, and search all areas of your organisation for similar problem areas.

Feedback loops can identify problem areas before they become incidents. Have your evaluation team monitor all feedback loops and alert the relevant team leaders when outcomes fall short of the predicted baselines.

Knowledge Management
Create an information structure with current, updated information that all team members can access. Also, make it clear when the data needs to be updated or archived.

It’s vital that your organisation only uses current information. Outdated or inaccurate information can cause severe problems for your company and your customers.

Drivers for Improvement
What exactly do you want to improve, and is it possible? Before discussing desired improvements, confirm that your workload supports them.

There are three types of improvements: desired capabilities, unacceptable issues, and compliance requirements.

Desired capabilities can be anything you want to improve in your company. If they aren’t immediately possible, have your team slowly refine your operations and applications in the correct direction.

Address unacceptable issues as soon as possible. They can include security gaps and bugs that slow down your production.

Compliance requirements for AWS change occasionally. Work with a Well-Architected Framework Partner to check your operations are compliant and to identify any High-Risk Items.

Validate Insights and Share Information
Confirm your insights and decisions with outside experts. Fresh eyes can sometimes find problems your company missed.

Don’t forget to document and share all new information and insights with your whole company. Even if the information seems irrelevant to some teams, as your structure evolves, it may become relevant in the future.

Schedule an AWS Well-Architected Review
To evolve your operations through AWS, schedule a Well-Architected Review with WOLK. Keep your company up to date and successful by continuously improving and developing using the AWS Well-Architected Framework.

AWS and Operational Excellence: Organisational Best Practices

The AWS Well-Architected Framework exists to help businesses make their applications and workloads as efficient and secure as possible. It consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimisation.

The First Pillar

Operational excellence is the first pillar of the AWS Well-Architected Framework. In addition to making sure your workload and applications run smoothly, operational excellence also focuses on making small and reversible changes and dealing with failure.

Operational excellence includes four best practice areas, which are organisation, preparation, operation and evolution. Compliance within all these areas helps your company to succeed and grow.

Organisation

The best practice area of organisation deals with employee structure. It looks at the organisation of your teams and employees in terms of your workload and applications. It’s essential to have a clear structure with clearly defined employee responsibilities and priorities.

Each team should know their position in the company and be aware of how their actions affect other groups and vice versa. You should clearly define the hierarchy of each team to the whole company.

The structure of the workload also needs to be clearly defined. Assign an employee to every application, workload, platform and infrastructure component.

There are a few other steps to follow to help you achieve operational excellence.

1. Evaluate Needs

The first step in the Organisation Best Practice is to identify and evaluate needs, both internal and external. Once identified, you can determine what to prioritise.

External customer needs could involve your stakeholders, important customers or government regulations that impact your business.

Your business, development, or operational teams might have internal needs that could affect your customers.

2. Evaluate Threats

Threats to your business can be anything from competitors to liability or security risks. Once you’ve found all the dangers, keep track of them in a risk registry. Periodically review the risk registry to determine whether these risks can be mitigated or whether they have grown in importance.

3. Encourage Experimentation

To encourage growth, build in time for your employees to learn about new techniques and advances in your field. Successful experimentation often results in more efficient practices.

Using the AWS Well-Architected Framework

The AWS Well-Architected Tool helps businesses to implement the Framework. There are also companies that can perform a Well-Architected Review to help you achieve full compliance.

WOLK is an experienced, long-term partner of the AWS Well-Architected Program and can identify and remediate any high-risk items so you can follow the Organisational Best Practices.

How AWS Helps with Designing Operational Excellence

The AWS Well-Architected Framework is a system that helps build secure and efficient infrastructure in your company’s applications and workloads. It uses five pillars, operational excellence, security, reliability, performance efficiency, and cost optimisation, to streamline your workloads in the cloud.

By completing an AWS Well-Architected Review using WOLK, a Well-Architected Partner, you can ensure your application and workloads are working at their highest potential.

Operational Excellence: The First Pillar

Operational excellence is the first of five pillars in the AWS Well-Architected Framework. In this pillar, the Framework focuses on supporting business objectives, effectively running workloads, learning more about specific operations, and the ability to continue to improve procedures.

Within the pillar are five design principles: Perform operations as code, make frequent, small, reversible changes, refine operations procedures frequently, anticipate failure, and learn from all operational errors. With the AWS Well-Architected Tool, you can discover which of these principles need to be improved.

1. Perform Operations as Code

Performing all operations as code lowers the likelihood of human error from the entire workload. It creates a more streamlined system that can be easily updated and allows a faster response time.

2. Make Frequent, Small, Reversible Changes

Instead of making sweeping changes to fix a problem, the AWS Well-Architected Framework suggests beginning with small, reversible changes. If there is a problem, a small change is easily correctable and costs less time and money to address.

3. Refine Operations Procedures Frequently

Every time your business evolves, so should your operations procedures. Schedule regular meetings to ensure your workload is operating as efficiently as possible.

4. Anticipate Failure

Before starting, plan alternative options. Even after a system is in place, it can fail for many reasons. If your business has backup plans and a response plan in place, you can minimise any negative effects of a failure.

5. Learn from all Operational Failures

Just like a company should anticipate failure, a company should learn from it. Analyse the failure, and create new procedures to protect against it in the future.

Working with a Well-Architected Partner

WOLK is a leading partner of the AWS Well-Architected Program and is fully certified to provide AWS Well-Architected Reviews. After the review, which will highlight high-risk items, WOLK will begin the remediation stage. Typically, most high-risk items can be remediated using your AWS service credit, so your company will not be out of pocket.

AWS Well-Architected Review: applying the Framework

AWS Well-Architected Reviews use the AWS Well-Architected Framework to provide a consistent approach to evaluate and remediate systems, based on best practices for designing and operating reliable, secure, efficient, and cost-effective systems for the cloud.

WOLK is a certified AWS Advanced Well-Architected Partner and is certified to provide AWS Well-Architected Reviews.

What to expect from a review:

– Free Initial Consult.
– No Commitment.
– Leading Partner of the AWS Well-Architected Program.

The AWS Well-Architected Review takes a specific workload and reviews it using an approach created to facilitate consistent, considered and excellent process and design. The review follows a three-step process:

1) Learn – Gather information about your workload.
2) Measure – Review your workload with all the right people.
3) Improve – Create recommendations using a statement of works.

Stage 1: The Review

– You grant WOLK read-only access to your account and we complete the review with you.
– We create a document outlining the remediation work the workshop reveals.
– We present the High Risk Items (HRIs) to you along with the Scope of Work (SOW) for sign-off.
– Once signed off, we allocate time for the remediation; this typically takes up to two weeks.

Stage 2: The Remediation

– WOLK completes the remediation work.
– We complete the second milestone of the WAR tool.
– We submit the result to AWS.
– AWS requires that WOLK complete the remediation to qualify for the service credit.

Stage 3: The Service Credit

– You complete the AWS feedback review and reply to the follow-up email.
– AWS grants a service credit to you.
– We can usually complete the WAR and remediate the majority of high-risk items within the service credit amount, making the exercise cost neutral to you.

Why use WOLK for your Well-Architected Review?

WOLK is a leader of the AWS Well-Architected Program and has a wealth of experience in reviewing and remediating High Risk Items within your workload. We have developed and maintain tools and unique internal processes that streamline our review and remediation process, reducing the cost and allowing for a cost-neutral outcome.

As part of the Well-Architected process, we highlight the requirement for ongoing measuring and monitoring of your compliance and workloads. WOLK offers a solution in the form of ongoing managed services that are specifically designed around the Well-Architected Framework and could include:

– No out-of-pocket expenses for review and remediation.
– AWS spend invoiced monthly.
– Additional account controls or guardrails.
– Simplified and enhanced security features (Single Sign On / SSO).
– Ongoing access to updated tools, processes and monitoring.