Best Security Practices On AWS Cloud

Upload: intelligentia-it-systems-pvt-ltd

Post on 18-Jul-2015


Since AWS eliminates any on-premises equipment, security is of vital importance.

AWS recognizes this and provides a host of services to handle all known security issues and to help add layers of security to your information.

Ultimately, however, it is the customer's obligation to ascertain the confidentiality, integrity and availability of their information, as dictated by their business requirements.

Some Best Practices For Data Security

Resource and User Policies

Managing Encryption Keys

Protecting Data at Rest and in Transit in AWS

Managing Decommissioned Data

Resource and User Policies

Once a user has been authenticated, you can control which resources they are authorized to access by using resource policies or capability policies.

Resource policies are attached to the resource and contain the rules for what can be done with that resource.

Capability policies are user specific.

They control what the user has permission to do, either directly or indirectly through an IAM (Identity and Access Management) group.

IAM focuses on company-wide access policies, as these can override the resource policies.

IAM policies are flexible and adaptable. You can decide to limit access to a particular source IP address range.

The IP address range can even be changed to take into account the days or times of day at which you need the user to have a suitable level of security.

Managing Encryption Keys

Any security measure that involves encryption requires a key, and AWS offers various options for keeping that key secure.

It is essential that keys be kept in tamper-proof cryptographic storage, and AWS provides such an HSM (Hardware Security Module) service in the cloud itself, known as AWS CloudHSM.

If you want to store the keys on premises, make sure you move them over a secure connection, for example AWS Direct Connect with IPsec.

It is advisable to duplicate CloudHSMs in different Availability Zones for higher resilience and ready availability.

Protecting Data at Rest and in Transit in AWS

As in all areas of security, your best friends are permissions. Restrict access on a need-to-know basis with permissions.

Encrypt your data and perform data security checks such as MACs (Message Authentication Codes) and HMACs (Hashed MACs) to ensure that data integrity is not compromised, whether through malicious intent or harmless mistakes.
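An added example (not from the original slides) of the HMAC integrity check described above, using only the Python standard library. The bucket, object name and version values are constructed, and binding them into the tag is an assumption of this example so that a valid object cannot be swapped for another object or an older version.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def _frame(field: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") give different MAC inputs.
    return len(field).to_bytes(8, "big") + field


def _tag(key: bytes, bucket: str, name: str, version: int, data: bytes) -> bytes:
    fields = (bucket.encode(), name.encode(), str(version).encode(), data)
    return hmac.new(key, b"".join(_frame(f) for f in fields), hashlib.sha256).digest()


def seal(key: bytes, bucket: str, name: str, version: int, data: bytes) -> bytes:
    """Return data with a tag appended that covers the data and where it is stored."""
    return data + _tag(key, bucket, name, version, data)


def open_sealed(key: bytes, bucket: str, name: str, version: int, blob: bytes) -> bytes:
    """Verify the tag and return the data; raise ValueError on any mismatch."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob is shorter than an HMAC tag")
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, bucket, name, version, data)):
        raise ValueError("integrity check failed")  # constant-time comparison above
    return data


def rejected(key: bytes, bucket: str, name: str, version: int, blob: bytes) -> bool:
    try:
        open_sealed(key, bucket, name, version, blob)
        return False
    except ValueError:
        return True


# Constructed sample values, for illustration only.
KEY = secrets.token_bytes(32)  # MAC key, kept separately from the stored data
DATA = b"id,total\n1,420\n"
BLOB = seal(KEY, "example-bucket", "reports/q2.csv", 3, DATA)

if __name__ == "__main__":
    flipped = bytes([BLOB[0] ^ 0x01]) + BLOB[1:]  # a single corrupted bit
    print("intact:", open_sealed(KEY, "example-bucket", "reports/q2.csv", 3, BLOB))
    print("bit flip rejected:", rejected(KEY, "example-bucket", "reports/q2.csv", 3, flipped))
    print("wrong version rejected:", rejected(KEY, "example-bucket", "reports/q2.csv", 4, BLOB))
```

The same check catches accidental corruption and deliberate modification, because producing a matching tag requires the key.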

Use versioning in S3 and back up your data so that it can be restored if a fault is detected.

Amazon DynamoDB provides automatic data replication between geographically separate Availability Zones to ensure data backup in case of compromise or natural disasters.

The same applies to data in transit, but since the cloud communicates over the internet for data transfer, add security measures to protect the communication channels.

Use SSL/TLS with server certificate authentication or Alternative Name (AN/SAN) to ensure that the remote end is not an impostor or attacker.

Managing Decommissioned Data

In AWS, the physical media storing the information is not decommissioned. Rather, the storage units are marked as unallocated.

Once the data has come to the end of its usefulness, AWS follows guidelines given by the Department of Defence to wipe out your data.

If you require further control over the decommissioning process and want to ascertain that your data is irrecoverable, you could implement data encryption using customer-managed keys, which are not stored in the cloud.

Once the data is decommissioned in AWS, you can delete your key, thus wiping out the data in its entirety.

Just ensure that your data is encrypted with the right authorizations, and use AWS services for replication and data integrity preservation. Keep in mind that both data at rest and data in transit to AWS need to be secure.

Depending on the level of security your business requires, you can adjust the range of services provided and have a safe, secure and hassle-free cloud server running.
