Best Security Practices on AWS Cloud
TRANSCRIPT
Since AWS eliminates any on-premises equipment, security
is of vital importance.
AWS recognizes this and provides a host of services to handle
all known security issues and to help add levels of
security to your information.
Ultimately, however, it is the customer's responsibility to ensure the
confidentiality, integrity and availability of their information
according to their business requirements.
Some Best Practices For Data Security
Resource and User Policies
Managing Encryption Keys
Protecting Data at Rest and in Transit in AWS
Managing Decommissioned Data
Once a user has been authenticated, you can control which resources
they are authorized to use through resource policies or
capability policies.
Resource policies are attached to the resource and
contain the rules for what can be done with the
resource.
Capability policies are user-specific.
They control what the user is permitted to do, either directly
or indirectly through an IAM (Identity and Access
Management) group.
IAM policies are used for company-wide access policies, as they
can override the resource policies.
IAM policies are flexible and adaptable. You can decide to limit
access to a particular source IP address range.
The IP address range can even be changed to take into
account the different days or times of day at which you need
the user to have a suitable level of security.
Any security measure that involves encryption requires a key,
and AWS provides various options for keeping that key secure.
It is essential that the keys be stored in tamper-proof
cryptographic storage, and AWS provides such an HSM (Hardware
Security Module) service in the cloud itself, known as AWS
CloudHSM.
If you want to store the keys on premises, make sure you move
them over a secure connection, for example AWS Direct
Connect with IPsec.
It is advisable to duplicate CloudHSMs in different Availability
Zones for higher resilience and availability.
As in all security sectors, your best friends are permissions.
Restrict access on a need-to-know basis with permissions.
Encrypt your data and perform data integrity checks such as
MACs (Message Authentication Codes) and HMACs (Hash-based
MACs) to ensure that data integrity is not compromised,
whether through malicious intent or harmless mistakes.
Use versioning in S3 and back up your data so it can be restored if
a fault is detected.
Amazon DynamoDB provides automatic data replication
between geographically separate Availability Zones to ensure
data backup in case of compromise or natural disasters.
The same applies to data in transit, but since the cloud
communicates over the internet for data transfer, add security
measures to protect the communication channels.
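The HMAC integrity check and the S3 versioning fallback described above, as an added example that is not part of the original presentation: it binds an HMAC-SHA256 tag to an object's bucket, key name and version ID, then picks the newest stored version that still verifies. The function names, the sample values and the idea of keeping the tags outside the bucket are assumptions made for illustration.

```python
import hashlib
import hmac

def _message(bucket, key_name, version_id, data):
    # Length-prefix every field so bytes cannot slide between fields.
    parts = [bucket.encode(), key_name.encode(), version_id.encode(), data]
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)

def seal(mac_key, bucket, key_name, version_id, data):
    """HMAC-SHA256 tag over the object bytes and the object's identity."""
    msg = _message(bucket, key_name, version_id, data)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def verify(mac_key, bucket, key_name, version_id, data, tag):
    """Constant-time check; False for corruption, tampering or a swapped object."""
    expected = seal(mac_key, bucket, key_name, version_id, data)
    return hmac.compare_digest(expected, tag)

def newest_intact_version(mac_key, bucket, key_name, versions, tags):
    """versions: [(version_id, data)] newest first; tags: {version_id: tag}.
    Returns the newest version id whose bytes still verify, else None."""
    for version_id, data in versions:
        tag = tags.get(version_id)
        if tag is not None and verify(mac_key, bucket, key_name, version_id, data, tag):
            return version_id
    return None

if __name__ == "__main__":
    # Constructed sample values; a real MAC key would come from a key store.
    key = bytes(range(32))
    bucket, name = "example-bucket", "reports/q1.csv"
    # Tags are assumed to be kept in a separate store, not beside the objects.
    tags = {"v1": seal(key, bucket, name, "v1", b"id,total\n1,100\n"),
            "v2": seal(key, bucket, name, "v2", b"id,total\n1,250\n")}
    # v2 as read back has one changed byte; v1 is intact.
    stored = [("v2", b"id,total\n1,950\n"), ("v1", b"id,total\n1,100\n")]
    print(newest_intact_version(key, bucket, name, stored, tags))  # v1
```

Because the tag covers the bucket, key name and version ID as well as the bytes, a valid object copied over a different name or version fails verification too.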
Use SSL/TLS with server certificate authentication or
Alternative Name (AN/SAN) to ensure that the remote end is
not an imposter or attacker.
In AWS, the physical media storing the information is not
decommissioned. Rather, the storage units are marked as
unallocated.
Once the data has reached the end of its useful life, AWS
uses guidelines issued by the Department of Defence to wipe
your data.
If you require further control over the decommissioning
process and want to ensure that your data is irrecoverable,
you can implement data encryption using customer-managed
keys, which are not stored in the cloud.
Once the data is decommissioned in AWS, you can delete
your key, thus wiping out the data in its entirety.
Just ensure that your data is encrypted with the right
authorizations, and use AWS services for replication and data
integrity preservation. Keep in mind that information both
at rest and in transit to AWS needs to be secure.
Depending on the level of security your business requires,
you can adjust the range of services used and have
a safe, secure and hassle-free cloud server running.
http://www.intelligentia.co.in/