AWS 101: How AWS Cloud Security Securely Protects Your Data
You have data, you have compliance requirements — and you want to save money and scale quickly, so what are your options when it comes to the cloud? Amazon Web Services (AWS) has you covered with a secure platform based on the services you select.
Nowadays it’s difficult to escape the daily news headlines about the latest security breach or company plagued by ransomware. Cloud security is a huge concern. While there are many misconceptions about it, one thing is clear: a solution like AWS depends on a partnership between the customer and the provider to make it work.
According to Gartner, at least 95% of cloud security failures are the fault of the customer, so how can you better protect your cloud environment?
Let’s take a step back to basic AWS 101 and look at how AWS became the “Infrastructure as a Service” leader that we know today. Back when Amazon was solely an e-commerce company, they needed a way to scale their own infrastructure. The company decided to build their own internal systems, but quickly ran into problems, forcing them to create an operating system of sorts that worked on top of the internet. It wasn’t until years later that they realized this infrastructure as a service could be sold to other organizations to provide secure cloud solutions.
Security of Cloud Versus On-Prem
Cloud security encompasses a set of policies and procedures that protect valuable information from being leaked, stolen or deleted. As with on-prem IT infrastructure, cloud security focuses on high-level threats. And because the cloud is a dynamic environment that can scale while still remaining secure, preventive and corrective actions are easy to perform and follow the same processes and strategies that apply to on-prem environments.
Security is mostly about access, right? In an on-prem environment, limiting access is about creating a secure perimeter. But the cloud doesn’t provide that. It’s a highly connected environment that allows traffic to flow in and out of it through the internet. Security in the cloud requires preventing unauthorized access through data encryption, strong passwords and two-factor authentication.
AWS Shared Responsibility Model for Security and Compliance
AWS, like most cloud providers, assumes responsibility for the security of the cloud, while the customer and AWS share the burden of securing data. This is how the shared responsibility model between AWS and its customers works. It’s commonly referred to as Security “of” the Cloud versus Security “in” the Cloud to distinguish the individual roles held by AWS and the customer.
For its part in providing “Security of the Cloud”, AWS is responsible for protecting the essential infrastructure composed of hardware, software, networking and facilities. With a dedicated team of security professionals and a budget that overshadows even the largest enterprise, AWS cloud security is of the highest level. This model removes the customer’s operational burden and even provides a physical infrastructure housed in an off-site data center.
Customers are responsible for a different set of security protocols based on which AWS services they select. Security in the Cloud for customers means protecting their own data and any custom applications deployed in AWS. Customers must also ensure that proper access controls are managed, whether by encouraging users to create strong passwords or by employing two-factor verification.
As cloud computing becomes a more widespread way for organizations to offload their IT infrastructure, security remains a top concern. But with AWS security, initially built as an internal platform for online retail leader Amazon, security is backed by their significant investments and a trusted team of security professionals. The essential AWS security services can make the cloud more secure than your own on-prem IT infrastructure.
Be sure to check other blogs in our AWS 101 series for more must-know information about the Amazon cloud.