With its growing capacity and wide variety of cloud services, Amazon Web Services (AWS) has become the most popular choice for many businesses and organizations, helping them achieve scalability and economical storage in the cloud.
AWS security is based on a shared responsibility model: Amazon provides the infrastructure and its security, and users are responsible for maintaining the security of the applications they run on it. This model gives users more control over their data traffic and encourages them to be more cautious. Before moving on to migrating applications, however, it is a good idea to look at the following tips, which help users get the most out of AWS security.
Understanding the concept of security groups
Amazon provides a virtual firewall function to filter the traffic passing through your cloud environment. However, the AWS firewall is managed in a slightly different way from a traditional firewall. Its central element is the "security group", which is basically equivalent to what other firewall vendors call a policy, i.e. a set of rules. There are key differences between security groups and traditional firewall policies, though, and these must be fully understood.
First, AWS rules have no "action" that states whether traffic is allowed or dropped. This is because all AWS rules are positive: they always allow the specified traffic through, unlike traditional firewall rules.
Second, AWS rules let you specify either a traffic source or a destination address, and which one depends on the type of rule. For inbound rules, you specify the source address the traffic comes from, but not the destination address it is going to. Outbound rules are the opposite: you specify the destination address instead of the source address. The reason is that the AWS security group always fills in the unspecified side (source or destination, depending on the case) automatically with the instance it is applied to.
AWS gives you great flexibility in applying rules. One security group can be applied to many instances, just as you can apply a traditional security policy to many firewalls. AWS also allows the reverse: applying multiple security groups to the same instance means that the instance inherits the rules of all of those groups. This is one of the many possibilities Amazon offers, allowing you to create security groups for specific functions or operating systems and then combine them to suit your business needs.
Outbound traffic management
AWS does manage outbound traffic, of course, but it does so somewhat differently from the usual approach, so be careful. During the initial setup process, AWS users are not automatically taken to the outbound traffic settings. By default, all outbound traffic is allowed.
Obviously, this is an unsafe setting that can lead to the loss of company data, so it is recommended to create rules that allow only specified outbound traffic, in order to protect truly critical data. Because the AWS setup wizard does not automatically take you to the outbound settings, you must create and apply these rules manually.
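The following audit sketch is an added example, not part of the original article. It finds security groups that still carry the default allow-all outbound rule and shows why one such group attached to an instance cancels out a restrictive one, since rules only allow and are inherited from every attached group. The input mimics the JSON shape of `aws ec2 describe-security-groups`; the group IDs, names and addresses are constructed sample values.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "web-default-egress",
   "IpPermissionsEgress": [
     {"IpProtocol": "-1",
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "db-restricted",
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "10.0.5.0/24"}], "Ipv6Ranges": []}]}
]}
""")

ANY_DEST = {"0.0.0.0/0", "::/0"}


def is_open_rule(perm):
    """True if an egress permission allows all protocols to any address."""
    dests = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    dests |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    # IpProtocol "-1" means every protocol and port.
    return perm.get("IpProtocol") == "-1" and bool(dests & ANY_DEST)


def open_egress_groups(groups):
    """Return the IDs of groups that still have an allow-all egress rule."""
    return sorted(
        g["GroupId"] for g in groups
        if any(is_open_rule(p) for p in g.get("IpPermissionsEgress", []))
    )


def instance_egress_is_open(attached_ids, groups):
    """Effective egress is the union of all attached groups' allow rules,
    so a single open group makes the whole instance open."""
    return bool(set(attached_ids) & set(open_egress_groups(groups)))


if __name__ == "__main__":
    groups = SAMPLE["SecurityGroups"]
    print("Groups with allow-all egress:", open_egress_groups(groups))
    print("Restricted group only:", instance_egress_is_open(["sg-0bbb"], groups))
    print("Both groups attached:",
          instance_egress_is_open(["sg-0aaa", "sg-0bbb"], groups))
```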
Control and compliance
Once you start running production applications on AWS, you need to remember that these applications now fall within the scope of compliance and internal control. Amazon offers some built-in features that help with compliance and control, such as Amazon CloudWatch, which is similar to a log server, and Amazon CloudTrail, which records and monitors your API calls. However, if you are using a hybrid data center environment, you will need additional compliance and control tools.
Your business will be subject to different regulations depending on the industry you are in and the type of data you handle. For example, if you handle credit card information, you are subject to the Payment Card Industry (PCI) regulation. Therefore, if you want to process this sensitive data on the AWS cloud platform, you need a suitable third-party security management product that gives you the same reporting capabilities as a normal firewall.
The most important things to get from a third-party solution are visibility into all security groups and the entire hybrid estate, as well as the comprehensive security and environment analysis and control that your on-premises security infrastructure can provide.
The security of everything you place in the AWS environment is your responsibility. By considering all of the above, you will be able to protect your data and meet compliance requirements as you use AWS.