Is AWS secure?

Security: It’s a shared responsibility. 

AWS IT- VM Host Security, Database, Store, Network, and Data Center Security. 

CORP IT- Is responsible for- OS, Host Firewall, Applications, Data Encryption, Authentication, and Network Integrity.

Physical Security-
- Mysterious Locations
- Physical Access Controlled
- Standard Data Center Security (Multifactor Authentication, Logging.

Servers and Network-
- Methodical Management / Phased Update.
- Secure Storage Decommissioning Process.
- Always on monitoring system
- ISO and Hippa certified security.

AWS Security Methods: Firewall Rules and Private Communications

Security Groups – You can setup security group with instances, it’s like an allow list for tiers of servers.

Virtual Private Cloud / Access-Lists- Your own VPC, own network IP list and you control who is coming and going out. Even what protocols are allowed.

Direct connect to private data center – You can connect your own servers/datacenters to your Network segment in Amazon. You can place a NAS in the Direct Connect AWS Data center.

Import / Export of Data – You can ship a drive to Amazon and they will securely import / export a data dataset for you and ship it back to you.

VPN Access / Security Gateway from your sites – You can create a secure gateway from your site to Amazon using let’s say Cisco router. You can have security gateway, if something happens at AWS you can backup your data to our DC.

Dedicated Servers – You can lease a dedicated server to prevent noisy neighbor.

AWS Security Methods: Identity and Access Management (IAM)
- Master Account created at signup has access to everything, you should not use your master account for server provisioning etc. All others access are managed through IAM. It’s like a root user. IAM dictates access to AWS resources. You can create security groups and assign access.
- Multifactor Authentication Support. Offers keyfob or google authenticator like security for free.
- API access through Access ID / secret key. Applications can access servers via access id API.
- Authentication to your application handled internally.

Comments

Popular Posts