Introduction to AWS Security
It’s critical that anyone involved with AWS Cloud understands AWS Security best practice. See, just as cloud changes the way organisations run workloads, it also changes how they need to approach security. This also impacts how they approach AWS Security Training.
Werner Vogels, AWS CTO, put it best when he spoke about AWS Security at re:Invent in 2017:
“Security is everyone’s job now, not just the security team’s. With continuous integration and continuous deployment, all developers have to be security engineers … we move too fast for there to be time for reviews by the security team beforehand.”
But how can you ensure your team has the skills to keep your data and workloads secure?
What sort of training is available?
And, when it comes to security, what is your team’s responsibility and what responsibility belongs to AWS?
Read on to discover the answers to these questions and get a primer on all things security.
How AWS Secures your Data
AWS is designed to help organisations build secure, high-performing, resilient, and efficient infrastructure for their applications. World-class security experts monitor AWS security infrastructure as well as build and maintain a broad selection of security services.
Here are some of the other ways AWS keeps your workloads, applications and data safe:
- Data protection: AWS uses encryption, key management and threat detection services to protect your data
- Identity and access management: Identity services allow you to manage access to your organisation’s workloads and customer-facing applications
- Infrastructure protection: AWS protects web applications by filtering traffic based on rules that you create
- Threat detection and continuous monitoring: AWS continuously monitors network activity and account behavior within your cloud environment
- Compliance and data privacy: AWS gives you a comprehensive view of your compliance status. Automated compliance checks continuously monitor your cloud environment.
AWS and Government Data
The Australian Cyber Security Centre (ACSC) has awarded PROTECTED certification to 64 AWS Cloud services.
PROTECTED is the highest data security certification available in Australia for cloud service providers. AWS offers the most PROTECTED services of any public cloud service provider.
AWS Security Features
Now it’s time to explore the specific security features available to AWS Cloud users.
Security that Scales
As an AWS Cloud user you have control over where your data is stored and who can access it.
AWS utilises fine-grained identity and access controls combined with continuous monitoring to provide you with real-time security information. This ensures that the right resources have the right access at all times.
AWS Partners and Solutions Network
AWS has a network of carefully selected security consulting partners. These providers can assist you with deep expertise on every stage of cloud adoption, from initial migration through to ongoing day-to-day management.
Automation of Security Services
Automating security tasks reduces the risk of human configuration error. This prevents mistakes and gives your security team more time to focus on other critical work.
AWS has a wide range of deeply integrated solutions that can be combined to automate tasks. This makes it easier for your security team to work closely with your development and operations teams. This leads to faster and more secure creation and deployment of code.
Security and Compliance Controls
To aid organisations’ compliance efforts, AWS regularly achieves third-party validation for thousands of global compliance requirements. This includes requirements for industries like finance, retail, healthcare and government.
AWS Security Support
AWS also offers a range of security support services. These include:
- Real-time insight through Trusted Advisor
- Proactive Support and advocacy with a Technical Account Manager (TAM)
- Strategic advice for in-depth AWS security solutions
- Detect and respond to security issues with the Security Operations Playbook
- Comprehensive vulnerability reporting and the ability for users to submit vulnerabilities
The AWS Shared Responsibility Model
When moving data and workloads into the AWS Cloud, it’s critical that organisations understand their security responsibilities. AWS is responsible for keeping its infrastructure secure. However, organisations and individuals also need to do their part to keep their data safe.
The best way to understand these different responsibilities is through the AWS Shared Responsibility model. As the name suggests, security and compliance is a split responsibility between AWS and the customer.
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. This differentiation of responsibility is commonly referred to as security “of” the cloud versus security “in” the cloud.
A customer’s security responsibilities will vary depending on the services they use and how these integrate into their environment. Organisations need to be mindful of, and understand, the AWS services they use.
For example, Amazon EC2 is categorised as Infrastructure as a Service. This means it requires customers to perform all of the necessary security configuration and management tasks.
The aim of the AWS Shared Responsibility model is to increase the overall security level of the AWS Cloud. By educating customers on how they can manage and maintain strong operational protections, both AWS and their users can feel better protected.
AWS Security Training
Ensuring security in the cloud takes in-depth knowledge and understanding of IT, AWS Cloud and security concepts. This is why training is so critical.
Roles that benefit from cloud training include:
- Security Engineers
- Security Architects
- Security Analysts
- Security Auditors
- Developers
Non-Technical Roles and Training
Security in the AWS cloud is not just the responsibility of your security and technical teams. It is the responsibility of every employee who interacts with the cloud. Widespread security training across teams, departments and roles is key.
Here are just some of the non-technical roles that benefit from AWS Security Training:
- Legal and Compliance roles
- Risk Management roles
- IT business-level professionals
Below is a case study from insurance provider IAG. This case study explores how the insurer used widespread security training to ensure security in their cloud environment. This also helped speed up the migration of regulated workloads.
Case Study: IAG’s Cloud Academy
The more IAG migrated to the cloud, the clearer it became that having “people in the middle” translating between stakeholder groups was slowing IAG’s shift to cloud. To combat this, the IAG Cloud Academy was set up.
The purpose of the IAG Cloud Academy is to train everyone in the organisation in cloud. This happens through classroom training, immersion days and lunch and learns. To date, IAG has put hundreds of staff through this program.
Conversations around topics that involve multiple departments, such as security and compliance, used to take months. Thanks to the IAG Cloud Academy they only take days, or in some cases, just a few hours.
The IAG Cloud Academy has also sped up the migration of regulated workloads by as much as four times.
AWS Security Essentials Training
For non-technical staff who need to understand security in the cloud, AWS Security Essentials training is a great starting point.
This course teaches students fundamental security concepts. These include AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
Security Engineering on AWS Training
For technical staff who require a deeper understanding of cloud security, Security Engineering on AWS is a great fit.
Security Engineering on AWS is the only 3-day course dedicated solely to security in the AWS Cloud.
Students learn how to efficiently use security services and will get practice using tools for automation and continuous monitoring.