Description
The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.
Security posture – Refers to an organization’s overall cybersecurity strength and how well it can predict, prevent, and respond to ever-changing cyber threats.
What – The state of being free from threats
Why – To protect information and systems
When – To keep your cloud environment secure and to act according to certain accepted standards.
Design Principles of Security
- Implement a strong identity foundation
  - Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources.
  - Centralize identity management and aim to eliminate reliance on long-term static credentials.
- Maintain traceability
  - Monitor, alert, and audit actions and changes to your environment in real time.
  - Integrate log and metric collection with systems to automatically investigate and act.
- Apply security at all layers
  - Apply a defence in depth approach with multiple security controls.
  - Apply it to all layers, such as the edge of network, VPC, load balancing, every instance and compute service, operating system, application, and code.
- Automate security best practices
  - Automate software-based security mechanisms to improve your ability to securely scale more rapidly and cost-effectively.
  - Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.
- Protect data in transit and at rest
  - Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.
- Keep people away from data
  - Use mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data.
  - This reduces the risk of mishandling or modification and human error when handling sensitive data.
- Prepare for security events
  - Prepare for an incident by having incident management and investigation policy and processes that align to your organizational requirements.
  - Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.
Security Best Practices
- Security foundations – Manage centrally and operate workloads securely.
  You should protect data, systems and assets in a way that can improve your security posture.
- Identity and access management – Manage identity and permissions.
  You should have robust identity management and permissions management in place to ensure that the right people have access to the right resources under the right conditions.
- Detection – Detect and respond.
  Detection covers unexpected or unwanted configuration changes as well as unexpected behaviour. Using Amazon GuardDuty, you can be alerted when unexpected and potentially unauthorized or malicious activity occurs within your AWS accounts.
- Infrastructure protection – Network and compute resources.
  Infrastructure protection encompasses control methodologies, such as defence in depth, that are necessary to meet best practices and organizational or regulatory obligations.
  - Define trust boundaries (network and account boundaries)
  - System security configuration and maintenance (hardening, minimization, and patching)
  - Operating system authentication and authorizations (for example, users, keys, and access levels)
  - Appropriate policy enforcement (IAM/S3 policies, WAF, SG/NACL)
- Data protection – Classify data, protect data in transit and at rest.
  Before architecting any workload, foundational practices that influence security should be in place. Data classification provides a way to categorize organizational data based on criticality and sensitivity to help you determine appropriate protection and retention controls.
  - Identify the data within your workload.
  - Define data protection controls.
  - Automate identification and classification.
  - Define data lifecycle management.
- Incident response – Prepare, simulate and iterate.
  - Know what you have and what you need
  - Use redeployment mechanisms
  - Automate where possible
  - Choose scalable solutions
- Application security – Training and testing, review code, streamline deployments.
  - Application security (AppSec) describes the overall process of how you design, build, and test the security properties of the workloads you develop.
  - Adopting application security testing as a regular part of your software development lifecycle (SDLC) and post-release processes helps ensure that you have a structured mechanism to identify, fix, and prevent application security issues entering your production environment.