je.st
news
Five golden rules of security planning in the AWS cloud
2020-10-19 18:17:19| The Webmail Blog
Five golden rules of security planning in the AWS cloud nellmarie.colman Mon, 10/19/2020 - 11:17 Whatever you put in the cloud, it needs to be secure from day one. When you choose Amazon Web Services (AWS), you have the confidence of knowing that AWS is securing the hardware, software, networking and facilities. But youre responsible for securing everything you put in the cloud, including: Customer data Platform, applications, identity and access management Operating system, network and firewall configuration Client-side data encryption and data integrity authentication Server-side encryption for your file systems and/or data Networking traffic protection, including encryption integrity and identity Security is a shared responsibility between you and AWS. So youve got to do your part. You cant risk exposing confidential data or being compromised, and so protection and monitoring for your AWS cloud environment is vital. In this article, I discuss the importance of security engineering through five golden rules to follow when planning and building your cloud environment always with security in mind. 1. Security engineering should be your first step Always start with security. Once you know what youre going to do with your AWS cloud environment, but before you add data or apps, have proper security controls in place and a process that mandates that happening. There might be pressure to make things secure later too often, organizations prioritize other business goals. But unless you put security upfront, youll risk compromised environments, data loss and attacks by malicious actors all before youve had the chance to put proper security controls in place. 2. One size does not fit all The security landscape is complex. There are many tools and ways to do things. Not every security solution or product is best suited to every environment and they all have different capabilities. You must use the most appropriate security tools and products, and adapt them to how you use your cloud environment, the data you store in it and regulatory compliance requirements. Its therefore crucial to have people on your team or partners to work with who have a thorough understanding of security and the cloud environments you use. By combining those skills, you can ensure you have proper security controls in place. 3. People are core to security engineering You need the right team in place to successfully set up a secure AWS cloud environment. But dont make the mistake of then immediately dropping people from the equation. All the cloud native tools and monitoring you set up wont be valuable if you lack teams and processes that enable you to respond to problems. Tools can tell you about whats happening in your cloud environment, but if you dont have anyone monitoring it 24x7, you risk getting compromised and losing data. So ensure your organization has a SOC-like capability to more thoroughly protect your cloud environment. 4. Security is not a one-time engagement Dont set up a secure AWS environment and think the jobs done when its only just begun. Security engineering is not a one-time engagement that occurs when you spin up a new account. It needs to evolve constantly, based on your use of the cloud. Create processes that mandate a regular review of your AWS cloud environment. Work with people who understand what youre doing with it, how your use of the cloud has changed and any new services youve started to use. Security controls and processes must then adapt accordingly. 5. The cloud is radically different from what came before Some organizations struggle when transitioning to the cloud from dedicated environments. They are used to segregating internal resources the secure environment from the outside world by using a perimeter protection device. This provides a good level of protection in a dedicated scenario, but its not enough in the cloud. Not everything in the cloud runs on the server. You cannot protect everything with a single firewall. Your security approach must therefore be very different. Think beyond your network regarding threat detection (such as considering API calls to your cloud environment that wont necessarily go through your corporate firewall), use appropriate rather than solely familiar tools and products, and work with people who understand the threats, risks and security solutions and tools inside-out. Security in partnership To be effective in securing your AWS cloud, you need expertise in security, the cloud environment itself, and cloud native security products all while being aware of the rapid changes in security engineering and keeping pace with such developments. This can overwhelm, which is why organizations often partner with experts in the field. Rackspace Technology is the first consulting managed security service provider (MSSP) partner for AWS Security Hub, offering consulting services for AWS cloud native security products, including around-the-clock support from certified security experts in our global Security Operations Center (SOC). Rackspace Technology believes in the core fundamentals outlined in this article: security must come first; one size does not fit all; and security engineering needs evolve over time. This is why we offer managed security services using cloud native security products, such as our Cloud Native Security solution for AWS. Our aim is to combine skills and expertise to help you achieve your security goals and protect your cloud environment. But whether you choose to partner up or handle it alone, do prioritize making sure your cloud environments are secure before its too late. Five golden rules of security planning in the AWS cloud Keep these five golden rules of security planning in mind as you plan and build out your cloud environment. Secure your AWS environment, from day one. /managed-aws/capabilities/securityLearn how
Tags: the
security
planning
rules
Category:Telecommunications