Definition of AWS Security
AWS Security refers to a range of qualities, tools, or features that make the public cloud service provider Amazon Web Services (AWS) secure. An AWS security whitepaper titled “Introduction to AWS Security” is a comprehensive document for learning the fundamentals of AWS security, including AWS’s products and services as well as AWS’s approach to security.
In the whitepaper, AWS states, “The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today.” Gartner’s Magic Quadrant has ranked AWS as the top IaaS (Infrastructure as a Service) provider for 8 consecutive years.
Benefits of Using AWS
Some cloud security benefits customers can enjoy under the AWS include:
- Control where their data is stored and who can access their data. AWS made this possible by combining access controls with continuous monitoring. This ensures that the right resources have the right access at all times.
- Reduce human configuration errors by automating security tasks. This gives customers more time to focus on critical tasks, like scaling and innovating the business.
- Extend AWS security benefits of AWS through technology and services offered by AWS-selected solution providers.
- AWS receives third-party evaluation to ensure that it meets global compliance requirements and continuously monitors regulatory requirements to help customers meet security and compliance standards across industries such as healthcare, finance, and others.
Elements of AWS Security
When compared to a traditional on-premise configuration, many customers expect AWS to provide higher security. Here’s a more detailed look at some of the features that make AWS a secure platform:
AWS Security Infrastructure
An on-premise configuration requires the installation of firewalls and encryption software. Such things can significantly spike costs besides the costs of on-site operation.
With security protocols built into the cloud infrastructure, AWS appears to have an inherent advantage over the traditional set-up. AWS has tools for increasing privacy and controlling network access, like network firewalls, connectivity options, and DDoS (distributed denial of service) mitigation. AWS also has automatic encryption for all pieces of data flowing across its global network.
Here’s one wonderful thing: customers can enjoy such security at no extra costs. One of the benefits of cloud computing is that customers only pay for the resources they use, meaning they’re paying for the computing time, used storage space, or both, while taking advantage of AWS’s built-in security features.
AWS Identity Governance and Access Control
Customers can manage user accounts and permissions, thanks to AWS Identity and Access Management (IAM). AWS also offers other services, like AWS Multi-Factor Authentication and AWS Single Sign-On.
AWS Monitoring and Logging Tools
AWS offers tools that allow customers to view what’s happening inside the AWS environment. This way, customers can readily detect issues before issues affect the business. Such tools include AWS CloudTrail, Amazon CloudWatch, and Amazon GuardDuty.
AWS Security Compliance
AWS boasts third-party validation for lots of compliance requirements and regulations. SOC 1, SOC 2, SOC 3, ISO 9001/ISO 27001, PCI DSS, HIPAA, GDPR – name one, and it’s highly likely that AWS has it covered. AWS also offers reporting tools to show data compliance with regulators. Note, though, that AWS share security compliance responsibilities with its customers, and ultimately, it’s up to every business to ensure that it meets all applicable compliance requirements.
A Wide Selection of AWS Security Products and Tools
AWS partners with a variety of companies that offer products and tools that can benefit AWS customers. One that needs a special mention here is a digital catalog called the AWS Marketplace. With AWS Marketplace, it’s easy for customers to find, test, buy, and deploy AWS-compatible software from independent vendors. Aside from the AWS Marketplace, other security resources include AWS Trusted Advisor, AWS Account Teams, AWS Enterprise Support, AWS Partner Network, and AWS Professional Services.
How Does AWS Security Work?
AWS is transparent that it operates under a shared security responsibility model. This setup provides the flexibility and agility necessary to implement security controls that meet your business’s needs. AWS is responsible for the security of its cloud infrastructure, like the hardware, virtualization technology, and the physical security of data centers. On the other hand, customers are responsible for the security of workloads they deploy in AWS’s platform. For example, they can limit access to their sensitive data or put loose controls for data intended for public use.
While AWS makes sure it’s upholding cloud security through best practices and a wide range of security resources, remember that it’s a shared responsibility between AWS and you as the customer. You still need to observe the right security practices, like managing your users to secure your data and apps.
A third-party cloud security solution, like Digital Guardian’s Cloud Data Protection enables companies to extend their enterprise data protection policies to the cloud, maintaining the visibility and control you need to ensure compliance. If you need further information on AWS and/or guidance on choosing an AWS security solution, check out our post on AWS security best practices and the most common AWS security issues.
