Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

Infrastructure Security

  • Network firewalls built into Amazon VPC.
  • TLS encryption in transit across all services.
  • Private or dedicated connections into your data center.

Infrastructure Resilience

  • Technologies built from the ground up for resilience in the face of DDoS attacks.
  • Services can be used in combination to automatically scale for traffic load.
  • Auto Scaling, CloudFront, and Route 53 can be used to prevent DDoS attacks.

Data Encryption

  • Encryption at rest available in EBS, S3, Glacier, RDS (Oracle and SQL Server) and Redshift.
  • Key management through AWS KMS: you can choose whether to control the keys yourself or let AWS manage them.
  • Server-side encryption of message queues in SQS.
  • Dedicated hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance requirements.
  • APIs to integrate AWS security into any applications you create.

Standards and Best Practices

  • A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage
  • Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards
  • Inventory and configuration management tools, including AWS Config, that identify AWS resources and then track and manage changes to those resources over time
  • Template definition and management tools, including AWS CloudFormation, to create standard, preconfigured environments

Monitoring and Logging

  • Deep visibility into API calls through AWS CloudTrail, including who, what, when, and from where calls were made
  • Log aggregation options, streamlining investigations and compliance reporting
  • Alert notifications through Amazon CloudWatch when specific events occur or thresholds are exceeded

Identity and Access Control

  • AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources
  • AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
  • AWS Directory Service allows you to integrate and federate with corporate directories to reduce administrative overhead and improve end-user experience

Security Support

  • Real-time insight through AWS Trusted Advisor
  • Proactive support and advocacy with a Technical Account Manager (TAM)

Compliance Assurance Programs

From certifications and regulations to frameworks, AWS has you covered. Some of those included are:

  • Cyber Essentials Plus (UK)
  • DoD SRG (US)
  • FIPS (US)
  • ISO 9001
  • GLBA
  • UK Data Protection Act
  • EU Data Protection Directive
  • G-Cloud (UK)
  • NIST
  • UK Cloud Security Principles