This is the fourth in a series of seven on the five pillars for well-architected AWS security. For the entire series, visit the Five pillars – AWS blog page here.
Many organizations make the mistake of beginning their security framework discussions around Infrastructure Protection (aka NetSec), as this was traditionally how they secured on-premises infrastructure. Companies erroneously assume that because they are leveraging a cloud infrastructure, either they will be less secure than when they “owned” all those resources, or that they can simply mirror their on-premises network security controls in the cloud.
Again, the cloud is different. The Shared Security model under which AWS operates inherently guarantees security of the network – but can’t guarantee the security of the companies who are accessing it. Or put another way, organizations using the cloud need to put security measures in place that will ensure they are not the source of threats and compromises.
In AWS, you can implement both stateful and stateless packet inspection at a very basic protection level – either AWS-native technologies can be leveraged or a number of third-party partner products and services can be acquired through the AWS Marketplace.
The Amazon Virtual Private Cloud (Amazon VPC) provides a private, secured and scalable environment – specifically designed to allow you to define your own specific topology. With the VPS environment, gateways, routing tables, and both public and private subnets can be defined and protected. Persistent defenses can be deployed by hardening configurations they develop in either Amazon EC2, ECS, or Elastic Beanstalk instances by containers and then applying these configurations to an Amazon Machine Image AMI – then, all new instances launched via this AMI will receive the same hardened configuration.
To develop a well-architected infrastructure protection pillar, customers must:
- Understand how they will protect their networks
- Understand how they will protect their compute resources
Visit the Well-Architected Labs documentation series to read more about Protecting Networks and Protecting Compute Resources.
Next week we’ll dive deeper into the 4th Pillar, Data Protection. To follow this series in its entirety, visit the Five Pillars – AWS blog page here.
Barracuda Cloud Security Guardian has been designed from the ground up to integrate with AWS and leverage built-in security and alerting features. For a free scan, visit our website here.
Rich ist Director of Public Cloud Product Marketing bei Barracuda. Er stieß im Rahmen der Übernahme von C2C Systems im Jahr 2014 zum Team. Rich ist einer der Public-Cloud-Experten von Barracuda – er arbeitet direkt mit den Cloud-Ökosystemen und wurde in E-Books von Microsoft zum Thema Public Cloud Security zitiert. Er schreibt außerdem häufig für die eigenen Cloud-Blogs von Barracuda. Für unsere Cloud-Initiativen hilft er bei der Entwicklung von Strategien und deren Umsetzung mit unseren Partnern und Vertriebsteams.
Wenn Sie mit Rich in Kontakt treten möchten, können Sie sich auf LinkedIn mit ihm vernetzen und ihm auf Twitter folgen.
Sie können Rich ein E-Mail [email protected] senden.
