AWS 101: How Amazon Cloud Security Securely Protects Your Data

Posted by Gerald Van Guilder, Senior Cloud Architect

Aug 28, 2019


You have data, you have compliance requirements — and you want to save money and scale quickly, so what are your options when it comes to the cloud? Amazon Web Services (AWS) has you covered with a secure platform based on the services you select.

Nowadays it’s difficult to escape the daily news headlines about the latest security breach or company plagued by ransomware. Cloud security is a huge concern. While there are many misconceptions about it, one thing is clear. A solution like AWS depends on a partnership between the customer and the provider to make it work.

According to Gartner, at least 95% of cloud security failures are the fault of the customer, so how can you better protect your cloud environment?

Let’s take a step back to basic AWS 101 and look at how AWS became the “Infrastructure as a Service” leader that we know today. Back when Amazon was solely an e-commerce company, they needed a way to scale their own infrastructure. The company decided to build their own internal systems, but quickly ran into problems, forcing them to create an operating system of sorts that worked on top of the internet. It wasn’t until years later that they realized this infrastructure as a service could be sold to other organizations to provide secure cloud solutions.

Security of Cloud Versus On-Prem

Cloud security encompasses a set of policies and procedures that protect valuable information from getting leaked, stolen or deleted. As with on-prem IT infrastructure, cloud security focuses on high-level threats. And because the cloud exists in a dynamic environment that can scale while still remaining secure, performing any preventive and corrective actions is easy, following the same processes and strategies applicable to on-prem environments.

Security is mostly about access, right? In an on-prem environment, limiting access is about creating a secure perimeter. But the cloud doesn’t provide that. It’s a highly connected environment that allows traffic to flow in and out of it through the internet. Security in the cloud requires preventing unauthorized access through data encryption — and creating strong passwords and two-factor authentication.

AWS Shared Responsibility Model for Security and Compliance

AWS, like most cloud providers, assumes responsibility for the security of the cloud, while the customer and AWS share the burden of securing data. This is how the shared responsibility model between AWS and its customers works. It’s commonly referred to as Security “of” the Cloud versus Security “in” the Cloud to demonstrate the individual role held by AWS and the customer.

For its part, to provide “Security of the Cloud”, AWS is responsible for protecting the essential infrastructure composed of hardware, software, networking and facilities. With a dedicated team of security professionals and a budget that overshadows even the largest enterprise, AWS cloud security is of the highest level. This model removes the customer’s operational burden — and even provides a physical infrastructure housed in an off-site data center.

Customers are responsible for a different set of security protocols based on which AWS services they select. Security in the Cloud for customers means protecting their own data and any custom applications deployed in AWS. Customers must also ensure that proper access controls are managed, whether encouraging users to create strong passwords or employing two-factor verification.

As cloud computing becomes a more widespread way for organizations to offload their IT infrastructure, security remains a top concern. But with AWS security, initially built as an internal platform for online retail leader Amazon, security is backed by their significant investments and a trusted team of security professionals. The essential AWS security services can make the cloud more secure than your own on-prem IT infrastructure.

Be sure to check other blogs in our AWS 101 series for more must-know information about the Amazon cloud.

AWS 101: An Introduction to Modern Cloud Computing

AWS 101: What is Amazon WorkSpaces?

AWS 101: How Does Amazon EC2 Work in Cloud Computing?

AWS 101: What is Amazon S3 and Why Should I Use It?

AWS 101: How AWS Identity and Access Management (IAM) Works

AWS 101: Why You Should Be Deploying AWS Lambda to Run Code

AWS 101: Using Auto Scaling to Manage Infrastructure


Gerald Van Guilder, Senior Cloud Architect

Gerald (Jerry) Van Guilder specializes in GCP and AWS architecture, deployments/implementations and migrations. One of the many things that he enjoys is enabling clients to feel empowered not only by technologies but also in the skill/knowledge transfer that transpires during the course of an engagement. Jerry lives (and works) in Syracuse, New York, with his wife and two pups.
