

How to stay secure in the cloud with AWS

Craig Tunstall, AWS Cloud Consultant

Wherever you are on your cloud journey – whether your organisation is just starting to think about migrating from on premises or you’ve been operating in the cloud for years – security is always a critical priority. But because it’s so easy to add new services and grow on the cloud, there’s an ever-present risk you might miss some essential precautions.

Good security means implementing the right technologies, but it also depends on people and processes. Leave gaps in any of these areas, and the chances of a security breach or another failure increase. You also need to keep up with the rapid changes in tools, capabilities and threats, to make sure you don’t introduce any vulnerabilities as your business grows.

The good news is that Amazon Web Services (AWS) offers a wide range of services to help you stay on top of your security needs. And as an AWS Premier Partner with expertise in those services, SoftwareOne can guide you in building a comprehensive security foundation in the cloud.

Cloud migration needs a solid security foundation

If you aren’t yet in the cloud but are thinking about moving to AWS, SoftwareOne can help you get started on the right foot with the help of the AWS Migration Acceleration Program (MAP). This includes an AWS Well-Architected review, which provides a lot of insights into the best security strategies for your organisation and also helps you understand what your costs will be.

AWS Well-Architected can also help if you’re already in the cloud but are looking to optimise your security practices. It’s a relatively quick process that can be done in a day or two.

A key thing to understand when you’re moving to the cloud is that hyperscalers invest heavily to secure their infrastructure. That means security issues are more often down to how users configure and manage the applications on top of that cloud infrastructure.

With its Shared Responsibility Model, AWS is responsible for security of the cloud – that is, it protects all of the hardware, software and other infrastructure that your cloud services run on. Customers, on the other hand, are responsible for security in the cloud. That means configuring and managing services to follow best practices in security, such as using identity management with multifactor authentication, encrypting sensitive data, setting permissions so users can access only the tasks required for their jobs (the principle of least privilege), and regularly rotating passwords and access keys.
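As an added illustration of the customer-side checks listed above (not code from this article, SoftwareOne or AWS), the following Python sketch audits an IAM credential report for console users without MFA and for access keys that have not been rotated recently. The report rows are constructed, and the 90-day rotation threshold is an assumed policy value.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using column names from the IAM credential report
# (trimmed to the columns read below; a real report has more).
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,true,false,N/A,false,N/A
alice,true,true,true,2024-05-20T09:00:00+00:00,false,N/A
bob,true,false,true,2023-01-15T12:30:00+00:00,false,N/A
ci-deploy,false,false,true,2024-06-01T08:00:00+00:00,true,2022-11-02T10:00:00+00:00
"""

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation policy; set to your own


def audit_credential_report(report_csv, now, max_key_age=MAX_KEY_AGE):
    """Return sorted (user, check, detail) findings for MFA and key age."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # The root row reports "not_supported" for password_enabled, so
        # treat it as a console identity that must have MFA.
        console = row["password_enabled"] == "true" or user == "<root_account>"
        if console and row["mfa_active"] != "true":
            findings.append((user, "NO_MFA", "console sign-in without MFA"))
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key: last_rotated may be N/A
            rotated = datetime.fromisoformat(row[f"access_key_{slot}_last_rotated"])
            age = now - rotated
            if age > max_key_age:
                findings.append((user, f"STALE_KEY_{slot}", f"{age.days} days old"))
    return sorted(findings)


if __name__ == "__main__":
    as_of = datetime(2024, 7, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, check, detail in audit_credential_report(SAMPLE_REPORT, as_of):
        print(f"{user:12} {check:12} {detail}")
```
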

For a deeper dive into your security needs, SoftwareOne can conduct a security posture assessment that will identify gaps in detail. This assessment, which we introduced about four years ago, involves a comprehensive mix of workshops with stakeholders, automated scanning of your AWS environment and manual inspections. At the end, you’ll receive an 80–90-page report that scores your current performance across many aspects of security and provides short-, medium- and long-term recommendations for strengthening your security practices.

AWS tools for every cloud security need

Whatever approach you choose, we typically enable a standard stack of AWS tools for security in the cloud and can then implement other services or customise configurations according to your organisation’s specific security needs.

One standard tool is AWS Security Hub. This provides a single pane of glass for viewing activity in your cloud environment. Monitoring can be configured according to different rules. For example, you can automate checks for compliance with common frameworks such as the Center for Internet Security (CIS) or the Payment Card Industry Data Security Standard (PCI DSS). By doing this, you can view your level of compliance with such rules on a daily basis.

AWS Config is another important service for monitoring compliance and security. This service continually assesses, audits and evaluates your cloud resource configurations, and alerts you to potential issues. For instance, if you create a rule that says all sensitive data at rest must be encrypted, AWS Config will identify when someone in your organisation launches an unencrypted instance and will share that information with AWS Security Hub, which can then generate a ticket for you to respond to.
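The encryption-at-rest rule described above can be pictured as the evaluation logic of a custom AWS Config rule. This Python sketch is an added example, not code from the article or from AWS; it reads a configuration-change notification and returns a verdict in the shape of a Config evaluation. The sample notifications and resource IDs are constructed, and scoping the rule to EBS volumes and RDS instances is an assumption.

```python
import json

ENCRYPTION_FIELD = {  # configuration field holding the flag, per resource type
    "AWS::EC2::Volume": "encrypted",
    "AWS::RDS::DBInstance": "storageEncrypted",
}
DELETED = ("ResourceDeleted", "ResourceDeletedNotRecorded")


def evaluate_encryption_at_rest(invoking_event_json):
    """Evaluate one change notification; return a PutEvaluations-style dict."""
    item = json.loads(invoking_event_json)["configurationItem"]
    rtype = item["resourceType"]
    config = item.get("configuration") or {}
    if item["configurationItemStatus"] in DELETED or rtype not in ENCRYPTION_FIELD:
        compliance = "NOT_APPLICABLE"  # deleted, or outside the rule's scope
    elif config.get(ENCRYPTION_FIELD[rtype]) is True:
        compliance = "COMPLIANT"
    else:
        compliance = "NON_COMPLIANT"  # flag false or missing: fail closed
    return {
        "ComplianceResourceType": rtype,
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def sample_event(rtype, rid, status, configuration):
    """Build a constructed notification, trimmed to the fields read above."""
    return json.dumps({"configurationItem": {
        "resourceType": rtype, "resourceId": rid,
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-07-01T10:00:00.000Z",
        "configuration": configuration,
    }})


SAMPLE_EVENTS = [  # constructed resource IDs
    sample_event("AWS::EC2::Volume", "vol-0aaa", "OK", {"encrypted": True}),
    sample_event("AWS::EC2::Volume", "vol-0bbb", "ResourceDiscovered", {"encrypted": False}),
    sample_event("AWS::RDS::DBInstance", "db-EXAMPLE", "OK", {}),
    sample_event("AWS::EC2::Volume", "vol-0ccc", "ResourceDeleted", None),
    sample_event("AWS::S3::Bucket", "example-bucket", "OK", {}),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate_encryption_at_rest(ev))
```
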

Yet another important service for security is AWS CloudTrail. This monitors and records activity and API usage across all of your AWS user accounts, and generates logs that can be used to show your compliance with regulatory frameworks such as PCI DSS, System and Organization Controls (SOC) and the Health Insurance Portability and Accountability Act (HIPAA).

Evolving levels of threat protection with AWS services

Because security threats never stop evolving, it’s important to continuously update and expand your organisation’s security precautions. AWS and SoftwareOne both recognise how important this is, and we are always adding new capabilities to keep up with the changing threat landscape.

Launched in 2019, AWS Control Tower helps you securely set up a multi-account environment in the AWS Cloud. It’s a templatised tool with preconfigured guardrails and built-in governance. It’s almost like having an expert on call who automatically creates all of your AWS accounts following best practices. An even more comprehensive solution can be found using SoftwareOne’s Foundational Landing Zone. With this approach, SoftwareOne’s consultants build a foundational environment for the AWS cloud that not only follows best practices but can be expanded as needed to accommodate future growth.

AWS also provides ever-evolving threat detection capabilities through Amazon GuardDuty, which uses machine learning to build a model of your cloud environment and understand what’s normal and what’s anomalous.

Here at SoftwareOne, we’re working to build a system that will automate some measurement processes in our security posture assessments. This will provide our customers with more insights about how their security environment compares with others in their industry.

Innovations like these are important because – although cloud hyperscalers like AWS maintain and provide guidance on cloud security best practices, and provide very high levels of security – your environment can quickly become highly complex as you add more services and grow. Automated monitoring, machine learning, infrastructure as code and other advanced capabilities help to make sure that you’ve configured all of your services properly, enabled the right levels of protection and followed best practices for security, disaster recovery and compliance.

If you need guidance, we have the necessary AWS expertise and are ready to help. Get in touch with SoftwareOne AWS experts and chart your best path forward on AWS cloud security.


Optimise your path to the cloud

Choose an experienced partner for your cloud transformation. Find out how SoftwareOne can help you start on a strong cloud foundation and accelerate your results.


Author

Craig Tunstall

AWS Cloud Consultant

AWS cloud consultant specialised in security for AWS environments, architecting new AWS environments, helping with migration to the AWS cloud and designing and implementing continuous integration/continuous delivery (CI/CD) pipelines.