If you’re protecting a medieval castle, you want to secure what’s inside the castle, but also the castle itself (with a moat, for example).
When it comes to security in the cloud, there’s an important premise in AWS called the Shared Responsibility Model. It’s pretty much exactly how it sounds: Security and compliance are a shared responsibility between AWS and its customers. AWS is responsible for security of the cloud (the moat protecting the castle walls) and you are responsible for security in the cloud (protecting what’s inside the castle).
Your Role in Cloud Security
Are you and your team prepared to handle your role in cloud security? More often than not, companies fall short here. There are a lot of high-profile breaches that trace back to cloud security failures. Even major tech-savvy corporations, like Tesla, have issues configuring AWS buckets appropriately and, in the process, have exposed a bunch of customer data (I like to call it the newspaper test: If you end up on the front page of the newspaper for a data breach, how is it going to impact your business?). Security is one of the six pillars of the AWS Well-Architected framework, which helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for a variety of applications and workloads.
Here are some questions you can think about as you’re weighing your ability to handle this level of security:
- Does your team have the requisite skills?
- Can you write the policies?
- Can you configure the roles?
- Do you know the appropriate configurations to lock things down?
- Are you able to monitor and validate that your assets are secure?
If you answered yes to all of these questions, then you should be prepared to take on your part of the Shared Responsibility Model. If you answered no to any questions, then you may want to consider some training to get you where you need to be.
Preparing for Your Role in Cloud Security
In 40 hours of fully customized AWS training, we go over tools like Access Advisor and Policy Simulator to make sure you have everything configured appropriately.
Here are a few particular components:
- Cloud Trail is the audit trail tool to determine who’s been doing what. The audit trail is a part of security, making sure that people are only doing what they are supposed to be doing.
- We also go over the Identity and Access Management (IAM) service. This is how you manage users and understand what the users have permissions to do. There are users, user groups, roles, policies, and permissions, as well as best practices like multifactor authentication. You also have to manage access and keys properly.
- Account management: AWS recommends having multiple accounts and then organizing those within a group. You might have an account for deployment, development, staging, and production.
- Separation of duties is important in terms of managing access keys and secret keys. So if you have an account, that’s a production account. Only certain people are going to have permissions and access to that account, as opposed to your development and deployment accounts. The different accounts determine the separation of duties, not the access and secret keys.
There are a lot of choices for the type of cloud service model you want to go to: there are some in which AWS is taking more responsibility (BaaS and SaaS). If you do on-premise, you as an organization are responsible for more of the security requirements. They are generally much better at security than a single organization.
Security is such an important topic that we weave it in throughout the entire training program. So, please don’t hesitate to reach us for more information.
To get started today, reach us at edu@manifestcorp.com.
