3.4 AWS CLOUD & DATA SECURITY
AWS provides capabilities that span your locations, networks, software and business processes. These capabilities meet the strictest security requirements and are continually audited for the broadest range of security certifications.
Security at AWS is the highest priority. As an AWS customer, you benefit from a data center and network architecture built to meet the requirements of the most security-sensitive customers. Your data and applications are far more secure on AWS than in your own office.
Government, education and nonprofit organizations face unique challenges in accomplishing complex missions with limited resources. Public sector leaders engaged in true cloud computing projects overwhelmingly turn to the power and speed of AWS when they want to serve citizens more effectively, achieve scientific breakthroughs, reach broader constituents and put more of their time and resources into their core missions, while still meeting all mandatory regulatory, compliance and security requirements.
The AWS cloud provides governance capabilities that enable continuous monitoring of configuration changes to your IT resources, and it lets you leverage multiple native AWS security and encryption features for a higher level of data protection and compliance: security at every level, up to the most stringent government compliance, no matter what your industry. AWS now serves more than 2,300 government, 7,000 education and 22,000 nonprofit organizations worldwide, including the U.S. Government, the U.S. Intelligence Community, the U.S. Department of Defense, and NASA/JPL.
AWS provides several security capabilities and services to increase privacy and control network access, including network firewalls built into Amazon VPC, data encryption in Amazon S3 and connectivity options that enable private or dedicated connections from your on-premises environment. AWS also supports data encryption in transit and at rest.
AWS uses a “Shared Responsibility Model” when it comes to security. The reason for this is that not every customer wants everything locked down in the same manner. While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.
To read AWS Security Best Practices, read this.
AWS has a tiered competency-badged network of partners that provide application development expertise, managed services and professional services such as data migration. This ecosystem, along with AWS’s training and certification programs, makes it easy to adopt and operate AWS in a best-practice fashion.
An overview of recommended AWS Marketplace security solutions is presented below. For more detail, visit this page.
Below I’ll give an overview of some of the recommended ISVs for specific security solutions in AWS Marketplace:
- Infrastructure Security: Help identify and protect your applications and infrastructure from cyber-attacks and other advanced threat vectors. Each solution in each security category has different features, so you’ll need to read about each solution’s features by clicking on the links to see which one best solves your security concerns:
  - Barracuda Web Application Firewall (free trial available)
  - Check Point vSEC – Next Generation Firewall & Threat Prevention (free trial available)
  - Trend Micro Deep Security
  - Alert Logic Threat Manager with ActiveWatch for AWS
  - (Intel Security) McAfee Public Cloud Server Security Suite (free trial available)
  - Symantec Endpoint Protection (free trial available)
  - Sophos UTM 9 (Auto Scaling PAYG) (free trial available)
  - Fortinet FortiGate-VM (free trial available)
  - Palo Alto VM-Series Next-Generation Firewall Bundle 2 (free trial available)
  - Imperva SecureSphere WAF AV1000 Gateway v11.0 and Above for AWS (free trial available)
- Configuration & Vulnerability Analysis: Tools to help you inspect application deployments for security risks and vulnerabilities, while receiving priorities and advice to assist with remediation:
- Logging & Monitoring: Help maintain visibility and auditability of activity in your application infrastructure and receive policy-driven alerting, and reporting:
- Data Protection: Assist with safeguarding your data from unauthorized disclosure and modification, through encryption, key management, and policy-driven controls:
You can read the AWS Marketplace “Security Solutions on AWS” whitepaper here.
Access comprehensive developer documents on AWS Security Resources here.