Wayne Hayes – Page 8 – Wolk Technology

How moving to AWS improves security for your entire organisation.

There are many good reasons why so many large organisations have moved their operations to the Amazon Web Service (AWS) cloud platform. We touched on a few of them in this blog last week. But possibly the most important benefit AWS offers organisations is a first-rate security framework, security being one of the 5 pillars we’ve touched on before.

The security pillar of AWS is designed to “protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies”.

7 DESIGN PRINCIPLES

The security pillar is based on the following seven design principles:

1) Implement a strong identity foundation: Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize identity management, and aim to eliminate reliance on long-term static credentials.

2) Enable traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to automatically investigate and take action.

3) Apply security at all layers: Apply a defense in depth approach with multiple security controls. Apply to all layers (for example, edge of network, VPC, load balancing, every instance and compute service, operating system, application, and code).

4) Automate security best practices: Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost-effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.

5) Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.

6) Keep people away from data: Use mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of mishandling or modification and human error when handling sensitive data.

7) Prepare for security events: Prepare for an incident by having incident management and investigation policy and processes that align to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.

5 FOCUS AREAS

The design principles lay the foundation for the five focus areas of the security pillar:

1) Identity and access management
2) Detective controls
3) Infrastructure protection
4) Data protection
5) Incident response

There is plenty of overlap through these focus areas so it is important to consider how each area can build on or influence others. They should be viewed together as integrated components of your security program rather than individual siloed processes.

Why should all this matter to your organisation?

AWS offers a level of investment and expertise in cloud security that most organisations could not hope to achieve on their own. A few benefits include:

1) The most advanced digital security available.

2) AWS is scalable in every respect, so if there’s a change to your security needs, you can be sure you won’t “outgrow” AWS and need to look for another provider.

3) AWS customers number the tens of thousands, including leading financial organisations and government agencies, so you can be sure that your data is the safest it can be.

Cloud security is top-of-mind for organisations moving their workloads to the cloud or managing an existing application in the cloud. Reviewing an existing or planned application against the principles of the Security Pillar can help you determine what action your organisation needs to take to improve deficiencies and be as secure as possible.

Why use the AWS Well-Architected Framework?

Whether you’re working with an internal team or an outsourced consulting partner, the AWS Well-Architected Framework is an educational tool that builds awareness of steps and best practices for architecting for the AWS Cloud.

In our experience, using well-architected best practices and design principles helps you:

Plan for failure

Architecting for failure is one of the primary design principles of Well-Architected. In other words, knowing how to mitigate risk, prevent data loss, eliminate downtime and defend against security threats.

Lower or mitigate risks

Reducing or mitigating risk = minimising surprises. The Well-Architected Framework provides a thorough and comprehensive process establishing options and analyzing your choices as well as for evaluating how a particular decision could impact your business.

Make informed decisions

Specifically, helping you to understand the trade-offs involved in your decisions. Well-Architected workloads gives you choices for responding to changing business requirements or external issues. It also helps you decide the best option by evaluating the trade-offs of every one of your options. As an organisation, you should never feel forced into one option when it comes to improving your workload. The process and questions posed by the Well-Architected Framework can help both your business and technology departments examine all options and identify the route that will lead to the most favourable business impact.

Build and deploy faster

Well-Architected best practices facilitate a DevOps approach that leads to closer collaboration between engineers and business stakeholders, ensuring that your business requirements are aligned with technical goals. This saves time, resources and ensures an integrated approach allowing to build and deploy faster. Taking your business further and faster.

What is the AWS Well-Architected Framework?

AWS Solutions Architects took their many years’ experience building solutions, and designing and reviewing thousands of customers’ architectures on AWS, and identified a set of best practices for architecting systems in the cloud. The result is the AWS Well-Architected Framework.

Based on 5 pillars – Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization – the Framework allows us to design and operate reliable, secure and cost-effective systems in the cloud, while sticking to best-practice architectural methodology.

The development of the AWS Well-Architected Tool has enabled regular review of workloads, identifying high risk issues and recording your improvements. Conducting a Well-Architected Review (WAR) allows a conversational approach rather than an audit process, and serves to establish well-architected systems that greatly increase the likelihood of business success.

The review documents a set of foundational questions that allow you to understand if a specific architecture aligns well with cloud best practices. The framework provides a consistent approach to evaluating systems against the qualities you expect from modern cloud-based systems, and the remediation that would be required to achieve those qualities. As AWS continues to evolve, the definition of well-architected will continue to be refined.

We begin all of our development projects with a Well-Architected Review to give clients full visibility of their workload. The precise and comprehensive nature of the Framework provides clients with essential insights that enable informed decisions that add business value.

We have years of experience architecting solutions across a wide range of business verticals and use cases, with several of our case studies being used by AWS.