Amazon Web Services: Security Guide

With its growing capacity and wide variety of cloud services, its Web Services έχουν γίνει η πιο δημοφιλής επιλογή για πολλές επιχειρήσεις και οργανισμούς, βοηθώντας τις επιχειρήσεις να παρέχουν κλιμάκωση και οικονομική αποθήκευση στο .

AWS security is based on a shared responsibility model: Amazon provides the infrastructure and security, and users are responsible for maintaining the security of the applications in which they run. This model allows users to gain more control over their data traffic, encouraging users to be more cautious. However, before proceeding with the application migration process, it is a good idea to take a look at the following tips to help users get the most out of AWS security.

Understanding the concept of security team

Amazon provides a virtual firewall feature to filter the traffic through your cloud compartment. However, the AWS firewall is managed in a slightly different way than the traditional firewall. The central element of the AWS firewall is the "security team", which is basically equivalent to the policy called by other firewall vendors, ie the set of rules. However, there are key differences between security teams and traditional firewall policies, and this must be fully understood.

First, there are no "actions" in the AWS rules that traffic is allowed or abandoned. This is due to the fact that all the rules of AWS are positive and always allow the passage of the specified traffic, in contrast to the traditional rules of the firewall.

Second, AWS rules allow you to specify a traffic source or destination address where the two rules are different. For incoming rules, the source address indicates where the traffic is coming from, but does not require the destination address to say where it is coming from. The output rule is the opposite: you can specify the destination address instead of the source address. The reason for this is that the AWS security team will always automatically set the unspecified fee (source or destination, depending on the situation) for the presence of the application.

AWS gives you great flexibility in enforcing rules. A security team can be applied in many cases, just as you can apply a traditional security policy to many firewalls. AWS also lets you reverse it: Applying multiple security groups to the same presence means that the presence inherits rules from all relevant security groups. This is one of the many features that Amazon offers, allowing you to create security teams for specific functions or operating systems and then combine them to suit your business needs.

Outbound traffic management

Of course, AWS will manage outbound traffic, but management is somewhat different from the usual approach, so be careful. During the initial setup process, AWS users are not automatically directed to the outbound traffic settings. By default, all outgoing traffic is allowed.

Obviously, this is a no setting that can lead to loss of company data, so it is recommended to create rules that allow you to specify only outgoing traffic to protect truly critical data. Because the AWS Setup Wizard does not launch automatically for outbound settings, you must create and apply these rules manually.

Control and compliance

Once you start using AWS in your products, you need to remember that these applications are now in the light of compliance and internal audit. Amazon offers some built-in features to help with compliance and auditing such as: Amazon CloudWatch, similar to logging servers, and Amazon CloudTrail, which logs and audits your API calls. However, if you are using a hybrid data center environment, you will need plugins compliance and control.

Your business will be subject to different regulations depending on the industry in which you are located and the type of data you are dealing with. For example, if you deal with credit card information, they are subject to the Payment Card Industry (PCI) regulation. Therefore, if you want to process this sensitive data with the AWS cloud platform, you need the right third-party security management product to have the same reporting capabilities as a normal firewall.

The most important things you need to get from a third party solution is the visibility of all security teams and the entire hybrid asset, as well as the comprehensive security and environment analysis and control that your local security infrastructure can provide.

The security of all those placed in the AWS environment is your responsibility. By considering all of the above, you will be able to protect your data and comply with the requirements while using AWS.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).