Sunday, November 23, 2014

Amazon Web Services Part 2: Security Offerings

In the early days of cloud computing, the major stumbling block for moving to the public cloud was security.

Amazon Web Services (AWS) has made a special effort to market AWS as "safe". Even the U.S. government is starting to migrate some of its IT operations to Amazon. Amazon has a special "region" for the U.S. government, AWS GovCloud, which has its own specific regulatory and compliance requirements for sensitive data.

Let us take a look at what security AWS has to offer, so you can decide if it is good enough for you to use.

Shared Security Model
Depending on the feature used, Amazon does not have full control over the application that is running on its infrastructure. Amazon presents a "shared" security model: for whatever is under Amazon's control and/or management, Amazon will provide world-class security and compliance. The portion under the customer's control, such as applying security patches and updates to the Microsoft Windows operating system, is the customer's responsibility to keep safe, while Amazon provides as much assistance and as many resources as it can to help the customer accomplish that task.


Amazon also provides the ability for the customer to prove regulatory compliance with standards such as HIPAA, ISO 27001, etc. For more information on AWS compliance, we can go to this website. Penetration testing can be performed by the customer (with written approval) to validate whether their resources in the AWS infrastructure are secure.

AWS Security
Security provided by AWS can be looked at in 4 areas:
  1. AWS Infrastructure Security
  2. AWS Access Security
  3. AWS Account Security
  4. AWS Service-specific Security

Let's take a quick look at these 4 areas.

AWS Infrastructure Security
As described in my last post, AWS infrastructure is divided into Regions, Availability Zones and Edge Locations.

Regions are defined geographically and can be thought of as physical data centers. According to Amazon's web site on security, these data centers are highly secured physically, with security guards on duty 24x7, state-of-the-art electronic surveillance and multi-factor access control systems. AWS has a strong incident-response team to address any kind of failure within the AWS infrastructure.

As the name suggests, Availability Zones are defined such that they are physically separated within a typical metropolitan area. This helps to provide data availability in case of the loss of a data center. Data availability is one of the 3 main aspects of security.

The network is part of the AWS infrastructure. Security Groups (virtual firewalls that control the traffic for one or more instances) are deployed for EC2. There are also dedicated fiber links between regions and, if necessary, the customer can pay for a dedicated link from the customer's location into AWS's local region. Security certificates and/or SSL are used for access into AWS, whether through web access or the API.

AWS Access Security
AWS separates its production network from its corporate network, which minimizes the risk of a rogue AWS employee gaining access to the customer's data. AWS employees who need access to any component in the AWS infrastructure must gain written approval and go through the AWS Access Management System. AWS employees are required to have criminal background checks.

AWS Account Security
To follow security best practice, AWS provides customers with the ability to create user accounts with different roles, such that each account is granted the least amount of privilege, via the AWS Identity and Access Management system (AWS IAM).

Also, AWS provides features such as:
  • Key Management and rotation
  • Temporary Security credentials
  • Multi-factor Authentication (MFA)

for additional access security. These are all industry security best practices. Security certificates are used heavily in AWS, and rotating the access keys and certificates is just like changing the password for a user. Most enterprises with Microsoft Active Directory mandate that users change their password at a configured interval. Also, multi-factor authentication, such as the use of an Access Token, minimizes the risk of a user's password being compromised, because the attacker would have to possess the Access Token to gain access to AWS.
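A check for the rotation and MFA points above, as an added example (not code from the original post or from AWS): it reads a constructed sample in the column layout of the IAM credential report and flags active access keys older than an assumed 90-day interval, plus console users without MFA. The function name `audit_credentials`, the threshold and the sample users are hypothetical.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads); the users and dates are made up.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,true,true,2014-10-30T09:00:00+00:00,false,N/A
bob,true,false,true,2014-03-01T09:00:00+00:00,false,N/A
ci-deploy,false,false,true,2014-11-01T09:00:00+00:00,true,2013-12-15T09:00:00+00:00
"""


def audit_credentials(report_csv, now, max_key_age_days=90):
    """Return (user, finding) pairs for stale access keys and missing MFA.

    max_key_age_days is an assumed rotation interval; set it to your policy.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # A console password without MFA is protected by the password alone.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((row["user"], "console password without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # only active keys are checked for age
            rotated = row[f"access_key_{n}_last_rotated"]
            if rotated in ("N/A", ""):
                continue  # no rotation timestamp recorded for this key
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_key_age_days:
                findings.append((row["user"], f"access key {n} is {age} days old"))
    return findings


if __name__ == "__main__":
    # Fixed "now" (the date of this post) so the sample output is reproducible.
    now = datetime(2014, 11, 23, tzinfo=timezone.utc)
    for user, finding in audit_credentials(SAMPLE_REPORT, now):
        print(f"{user}: {finding}")
```

Service accounts such as the constructed `ci-deploy` user have no console password, so key age is the only control this check can see for them.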

AWS Service-specific Security
Each AWS service has security built in. Since AWS has a long list of services, we cannot go into specific detail as to how each service provides security for the user. For a more detailed description of service-specific security, go to http://aws.amazon.com/security to get the latest version of the "AWS: Overview of Security Processes".

Related Post:
Amazon Web Services Part 1: Do you know all of these icons?
