By: Ruby Nahal, President & Infrastructure Architect
Every techie will have a different view of cloud security, so trusting independent audits over individual opinions is important. Most often, those individual opinions are formed by experience with individual SaaS and PaaS offerings and not by experience with AWS. While some even today want to avoid anything cloud like the plague, others think they can “wing it” (the migration to AWS) without understanding the repercussions.
Security of AWS
The security of AWS, which means the security of the physical infrastructure and staff resources of AWS, is usually the biggest concern. Here are some resources to help you see how serious AWS is about security:
Security in AWS
Security in AWS refers to the security of systems built on top of AWS. Just as in a traditional data center or on-premises server infrastructure, a system built on AWS still needs to follow security best practices and tightened policies. Even though AWS does take care of the physical layer of these systems, it has a shared responsibility model. In simple terms, you need to know what you are doing when building systems on AWS.
AWS makes it easier for engineers by providing many tools to enable the implementation of security best practices, including audit tools and compliance “checkers.” Many of the tools you already use to safeguard your infrastructure today — like WAFs, network ACLs, security groups, central authentication, MFA, etc. — can also be applied to AWS.
Whenever someone claims that AWS is more secure than their on-premises infrastructure, as GE did, what they usually mean is that the security tools AWS provides enable much greater transparency and reinforcement of traditional security measures, which means organizations are not spending millions of dollars re-inventing the wheel.
Migrating applications to AWS led these organizations to tighten security controls and reinforce them with automation in the process of migrating to the cloud. Automation is possible, though not nearly as simple, in bare metal hosting. Organizations of every size can now take advantage of the power of security automation.
So is AWS secure?
Not incidentally, all these cool automation features are why AWS was created in the first place. Amazon, the eCommerce God, did not just require endless compute power; it wanted a layer of abstraction between its developers and its systems that enabled them to test and ship new features more quickly. No matter where you host your workloads, it will likely be your staff that exposes you to security threats, not AWS. (95% of security attacks are the result of human error, according to Gartner.)
In the end, there are secure AWS environments and insecure AWS environments; it is the team that controls your AWS environment that makes the difference. Migrating to AWS soon, or planning to? You may not want to “wing it”; get some AWS certified professionals involved.