Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.
An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.
Infrastructure Security
- Network firewalls built into Amazon VPC.
- TLS encryption in transit across all services.
- Private or dedicated connections into your data centre.
Infrastructure Resilience
- Technologies built from the ground up for resilience in the face of DDoS attacks.
- Services can be used in combination to automatically scale for traffic load.
- Auto Scaling, CloudFront, and Route 53 can be used to prevent DDoS.
Data Encryption
- Encryption at rest available in EBS, S3, Glacier, RDS (Oracle and SQL Server) and Redshift.
- Key management through AWS KMS: you can choose whether to control the keys yourself or let AWS manage them.
- Server-side encryption of message queues in SQS.
- Dedicated hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance requirements.
- APIs to integrate AWS security into any applications you create.
Standards and Best Practices
- A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage
- Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards
- Inventory and configuration management tools, including AWS Config, that identify AWS resources and then track and manage changes to those resources over time
- Template definition and management tools, including AWS CloudFormation to create standard, preconfigured environments
Monitoring and Logging
- Deep visibility into API calls through AWS CloudTrail, including who, what, when, and from where calls were made
- Log aggregation options, streamlining investigations and compliance reporting
- Alert notifications through Amazon CloudWatch when specific events occur or thresholds are exceeded
Identity and Access Control
- AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources
- AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
- AWS Directory Service allows you to integrate and federate with corporate directories to reduce administrative overhead and improve end-user experience
Security Support
- Real-time insight through AWS Trusted Advisor
- Proactive support and advocacy with a Technical Account Manager (TAM)
Compliance Assurance Programs
From certifications and regulations to frameworks, AWS has you covered. Some of those included are:
- Cyber Essentials Plus (UK)
- DoD SRG (US)
- FIPS (US)
- ISO 9001
- UK Data Protection Act
- EU Data Protection Directive
- G-Cloud (UK)
- UK Cloud Security Principles