AWS SECURITY SERVICES AND MANAGEMENT SERVICES

AWS SECURITY SERVICES

DEFINITION OF AWS SECURITY

AWS Security refers to a range of qualities, tools, or features that make the public cloud service
provider Amazon Web Services (AWS) secure. An AWS security whitepaper titled “Introduction
to AWS Security” is a comprehensive document for learning the fundamentals of AWS security,
including AWS’s products and services as well as AWS’s approach to security.

BENEFITS OF USING AWS

Some cloud security benefits customers can enjoy under the AWS include:

Control where their data is stored and who can access their data. AWS made this possible by
combining access controls with continuous monitoring. This ensures that the right resources
have the right access at all times.
Reduce human configuration errors by automating security tasks. This gives customers more
time to focus on critical tasks, like scaling and innovating the business.
Extend AWS security benefits of AWS through technology and services offered by
AWS-selected solution providers.
AWS receives third-party evaluation to ensure that it meets global compliance requirements and
continuously monitors regulatory requirements to help customers meet security and compliance
standards across industries such as healthcare, finance, and others

__

ELEMENTS OF AWS SECURITY

When compared to a traditional on-premise configuration, many customers expect AWS to
provide higher security. Here’s a more detailed look at some of the features that make AWS a
secure platform:

AWS Security Infrastructure

An on-premise configuration requires the installation of firewalls and encryption software. Such
things can significantly spike costs besides the costs of on-site operation.

With security protocols built into the cloud infrastructure, AWS appears to have an inherent
advantage over the traditional set-up. AWS has tools for increasing privacy and controlling
network access, like network firewalls, connectivity options, and DDoS (distributed denial of
service) mitigation. AWS also has automatic encryption for all pieces of data flowing across its
global network.

Here’s one wonderful thing: customers can enjoy such security at no extra costs. One of the
benefits of cloud computing is that customers only pay for the resources they use, meaning
they’re paying for the computing time, used storage space, or both, while taking advantage of
AWS’s built-in security features.

AWS Identity Governance and Access Control

Customers can manage user accounts and permissions, thanks to AWS Identity and Access
Management (IAM). AWS also offers other services, like AWS Multi-Factor Authentication and
AWS Single Sign-On.

AWS Monitoring and Logging Tools

AWS offers tools that allow customers to view what’s happening inside the AWS environment.
This way, customers can readily detect issues before issues affect the business. Such tools
include AWS CloudTrail, Amazon CloudWatch, and Amazon GuardDuty.

AWS Security Compliance

AWS boasts third-party validation for lots of compliance requirements and regulations. SOC 1,
SOC 2, SOC 3, ISO 9001/ISO 27001, PCI DSS, HIPAA, GDPR – name one, and it’s highly likely
that AWS has it covered. AWS also offers reporting tools to show data compliance with
regulators. Note, though, that AWS share security compliance responsibilities with its
customers, and ultimately, it’s up to every business to ensure that it meets all applicable
compliance requirements.

A Wide Selection of AWS Security Products and Tools

AWS partners with a variety of companies that offer products and tools that can benefit AWS
customers. One that needs a special mention here is a digital catalog called the AWS
Marketplace. With AWS Marketplace, it’s easy for customers to find, test, buy, and deploy
AWS-compatible software from independent vendors. Aside from the AWS Marketplace, other
security resources include AWS Trusted Advisor, AWS Account Teams, AWS Enterprise
Support, AWS Partner Network, and AWS Professional Services.

HOW DOES AWS SECURITY WORK?

AWS is transparent that it operates under a shared security responsibility model. This setup
provides the flexibility and agility necessary to implement security controls that meet your
business’s needs. AWS is responsible for the security of its cloud infrastructure, like the
hardware, virtualization technology, and the physical security of data centers. On the other
hand, customers are responsible for the security of workloads they deploy in AWS’s platform.
For example, they can limit access to their sensitive data or put loose controls for data intended
for public use.

While AWS makes sure it’s upholding cloud security through best practices and a wide range of
security resources, remember that it’s a shared responsibility between AWS and you as the
customer. You still need to observe the right security practices, like managing your users to
secure your data and apps.

A third-party cloud security solution, like Digital Guardian’s Cloud Data Protection enables
companies to extend their enterprise data protection policies to the cloud, maintaining the
visibility and control you need to ensure compliance. If you need further information on AWS
and/or guidance on choosing an AWS security solution, check out our post on AWS security
best practices and the most common AWS security issues.
___
AWS Management Services:

AWS Management Services is a set of services and tools that automate infrastructure
management tasks for Amazon Web Services (AWS) deployments. The service is aimed at
large enterprises that want a simplified way to migrate on-premises workloads to the public
cloud and then manage those workloads after migration.

AWS Management Services enables an enterprise to automate cloud management tasks

including patch management, change management, provisioning, user access management,
incident monitoring, and backup and restores.

AWS Management Services provides a dedicated Cloud Service Delivery Manager and
Enterprise-level AWS Support coverage.

Using AWS Management Services

An enterprise follows a series of steps -- known as the AWS Managed Services Jumpstart
process -- to use the service. Part of this process includes a planning stage, selecting the
applications that will migrate to the public cloud, and then accessing the AWS Managed
Services platform.

AWS Managed Services assumes control of a customer's AWS account as part of the
onboarding process, but an administrator can still make change requests for resources via a
self-service cloud management console. AWS Managed Services continuously manages a
customer's AWS infrastructure according to best practices set by the Information Technology
Infrastructure Library and AWS. AWS Managed Services relies on APIs so it can integrate with
other development and systems management tools. The service supports Microsoft Windows
Server, Red Hat Enterprise and Amazon Linux operating systems, and can be used to manage
over 20 cloud services on AWS