Since the shift from the concept of traditional IT to the public cloud, there have been many new security services and cloud-native tools being implemented across all vertical industries to protect and govern the customer cloud environment. Cloud computing is evolving at an ever-increasing rate of change, but regulations and technology have not been keeping the same pace. Businesses trust the AWS cloud to secure their infrastructure so they can grow and evolve by accelerating innovation.
How Do I Map Cloud-Native Security Controls in AWS?
Given the fact that we have been using traditional IT in data centers for a long time now—and that we have all integrated different security tools and software to protect and govern our environment—public cloud security has become a major concern. I have heard everything from, “I don’t trust the cloud,” to “the cloud is not secure.”
Well, these references come from organizations that have not collected enough knowledge and experience about public cloud models. Yes, some public cloud providers have better security in place than others. When it comes to AWS, they have cloud-native security tools and services that we can use to protect our environments. These security tools use the latest and greatest technologies, such as Machine Learning (ML) for patterns and training and Artificial Intelligence (AI) to help drive the cloud-native tools and services to do the jobs we all used to perform manually.
Security by Design Principles
The Zero Trust model is a security model developed by Forrester that has become a popular framework in the cybersecurity world.
Instead of assuming that everything that sits behind a firewall is safe, the Zero Trust model assumes a breach and verifies each separate request in the essence that it is originated from an open network. Essentially, what Zero Trust is teaching us is that no matter where the request originated from or what resource or service the request is attempting to access, Never Trust and Always Verify every access attempt and request.
AWS has introduced native security tools that use Machine Learning and analytics for deep intelligence that helps detect anomalies. Zero Trust implies to not trust anything both inside or external to the network until that attempt has been both authenticated and authorized to access the resource.
Identity and Access Management (IAM)
As we talk about least-privilege access as a fundamental security practice that should be implemented no matter whether it’s a traditional on-premises environment or in the cloud, it becomes clear that restricting access is vital in any organization.
AWS provides IAM as a free service and with this, we can control what access is given into our AWS accounts. Every AWS account is enabled with IAM and its own IAM database, which is highly resilient and secure across all AWS regions. Operationally, the IAM of an account is trusted fully by the account, so IAM as a service is able to do as much as the root user. Inside IAM, you are able to create identities, and IAM lets these identities do certain things. As a single AWS account trusts IAM, if IAM lets one of the identities that it manages do a task, then the account automatically trusts that identity in the same way that it trusts IAM.
[ WHITE PAPER ] SECURING YOUR AWS ENVIRONMENT CLOUD NATIVELY
Continue learning about public cloud security by downloading our white paper, which can be used for identifying and architecting key areas and items that are operational risks for security.