
The Security Pillar of the AWS Well-Architected Framework is a set of best practices for building and operating secure and compliant systems on the AWS cloud platform. It provides a framework for organizations to evaluate the security of their workloads and identify potential areas of improvement.

Design Principles

Although these design principles come from the AWS Security Pillar, they are sound general practices for any cloud platform.

  • Implement a strong identity foundation: Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize identity management, and aim to eliminate reliance on long-term static credentials.
  • Maintain traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to automatically investigate and take action.
  • Apply security at all layers: Apply a defense in depth approach with multiple security controls. Apply to all layers (for example, edge of network, VPC, load balancing, every instance and compute service, operating system, application, and code).
  • Automate security best practices: Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost-effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.
  • Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.
  • Keep people away from data: Use mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of mishandling or modification and human error when handling sensitive data.
  • Prepare for security events: Prepare for an incident by having incident management and investigation policy and processes that align to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.
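Two of these principles, least privilege and protecting data in transit, are easy to state and easy to get wrong in an actual policy document. The following is an added example, not code from the article or from AWS: a small Python checker that flags IAM Allow statements granting wildcard actions on all resources (or using NotAction/NotResource, which grant everything not listed), and verifies that an S3 bucket policy denies plaintext requests via the `aws:SecureTransport` condition key. The three policy documents are constructed samples and the bucket name `example-uploads` is a placeholder.

```python
"""Least-privilege and transport checks over IAM policy documents.

Added example, not part of the original article or any AWS tool. The sample
policies below are constructed; 'example-uploads' is a hypothetical bucket.
"""


def _as_list(value):
    """IAM accepts either a string or a list in Action/Resource/Statement fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_grants(policy):
    """Return (Sid, reason) findings for Allow statements that violate least privilege.

    Flags: Action "*" or "service:*" on Resource "*", and any use of
    NotAction/NotResource, which silently allows everything outside the list.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource grants everything not listed"))
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wildcards = [a for a in actions if a == "*" or a.endswith(":*")]
        if wildcards and "*" in resources:
            findings.append((sid, f"wildcard actions {wildcards} on all resources"))
    return findings


def enforces_tls(bucket_policy):
    """True if a Deny statement refuses requests where aws:SecureTransport is false."""
    for stmt in _as_list(bucket_policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        if str(cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


# Constructed sample: an "admin for convenience" policy that violates least privilege.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DoAnything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}

# Constructed sample: the same workload scoped to the one prefix it actually reads.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadUploads",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-uploads/incoming/*",
        }
    ],
}

# Constructed sample bucket policy: protect data in transit by denying non-TLS access.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::example-uploads",
                "arn:aws:s3:::example-uploads/*",
            ],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }
    ],
}


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_grants(policy) or "OK")
    print("bucket policy enforces TLS:", enforces_tls(BUCKET_POLICY))
```

Running it reports the `DoAnything` statement as a wildcard grant, passes the scoped policy, and confirms the bucket policy denies plaintext HTTP. Checks like these belong in the CI pipeline that deploys your templates, which is what "controls defined and managed as code" means in practice.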

What are the best practice areas of the Security Pillar?

The Security Pillar of the AWS Well-Architected Framework consists of several best practice areas, including:

  1. Security Foundations: Take the requirements and processes you defined under the Operational Excellence pillar, at both the organizational and workload level, and apply them to every security area, starting with how accounts are structured and workloads separated.
  2. Identity and Access Management (IAM): IAM refers to the management of identities, authentication, and authorization for users, applications, and services. The IAM best practices ensure that access to resources is controlled and monitored, and that authentication mechanisms are secure and robust.
  3. Detective Controls (called "Detection" in the current version of the pillar): Detective controls refer to the measures taken to detect security incidents and anomalies, such as intrusion detection, log analysis, and security monitoring. The best practices in this area ensure that the security posture of the workload is continually monitored and maintained.
  4. Infrastructure Protection: Infrastructure protection refers to the measures taken to secure the network and compute resources that support the workload, such as network segmentation, traffic inspection, and hardening and patching of compute. Physical security of the data centers is AWS's side of the shared responsibility model. The best practices in this area ensure that the infrastructure is secure and resilient to attacks.
  5. Data Protection: Data protection refers to the measures taken to protect data in transit and at rest, including encryption, key management, and data classification. The best practices in this area ensure that data is protected from unauthorized access and that it is stored and transmitted securely.
  6. Incident Response: Incident response refers to the measures taken to prepare for, detect, respond to, and recover from security incidents. The best practices in this area ensure that organizations are prepared to respond effectively to security incidents, minimizing their impact and reducing recovery time.
  7. Application Security (AppSec): The overall process of how you design, build, and test the security properties of the workloads you develop.
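The detective-controls area above lists log analysis as a core measure; in an AWS account the primary log to analyze is CloudTrail. The following is an added example, not code from the article or any AWS service: a small detector that scans CloudTrail-style JSON records for three high-signal conditions (root account activity, successful console logins without MFA, and API calls that tamper with audit logging). The log records are constructed for illustration, and the account ID, ARNs, trail name and IP addresses are placeholders.

```python
"""Detective control over CloudTrail records.

Added example, not part of the original article or any AWS tool. The records
in SAMPLE_LOG are constructed; 123456789012 and the IPs are placeholders.
"""
import json

# Constructed CloudTrail-style records, one JSON object per line.
SAMPLE_LOG = """\
{"eventTime":"2024-05-01T08:00:12Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice","accountId":"123456789012"},"sourceIPAddress":"198.51.100.10","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}
{"eventTime":"2024-05-01T08:05:40Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"Root","accountId":"123456789012","arn":"arn:aws:iam::123456789012:root"},"sourceIPAddress":"203.0.113.7","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2024-05-01T08:06:02Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"Root","accountId":"123456789012","arn":"arn:aws:iam::123456789012:root"},"sourceIPAddress":"203.0.113.7","requestParameters":{"name":"arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail"}}
{"eventTime":"2024-05-01T09:12:33Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/app-reader/i-0abc"},"sourceIPAddress":"10.0.3.14"}
"""

# API calls an intruder uses to blind defenders; (eventSource, eventName) pairs.
LOGGING_TAMPER = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("cloudtrail.amazonaws.com", "UpdateTrail"),
    ("guardduty.amazonaws.com", "DeleteDetector"),
}


def analyze_event(event):
    """Return a list of (rule, detail) findings for a single CloudTrail record."""
    findings = []
    identity = event.get("userIdentity", {})
    source, name = event.get("eventSource"), event.get("eventName")
    who = identity.get("arn") or identity.get("userName") or identity.get("type")
    ip = event.get("sourceIPAddress")

    # Root should only be used for the handful of tasks that require it.
    if identity.get("type") == "Root":
        findings.append(("root-activity", f"{name} by root from {ip}"))

    # A successful console login without MFA breaks the identity foundation.
    mfa_used = event.get("additionalEventData", {}).get("MFAUsed")
    login_ok = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
    if name == "ConsoleLogin" and login_ok and mfa_used == "No":
        findings.append(("console-login-no-mfa", f"{who} from {ip}"))

    # Stopping or altering the trail removes the traceability the pillar relies on.
    if (source, name) in LOGGING_TAMPER:
        target = event.get("requestParameters", {}).get("name", "?")
        findings.append(("logging-tamper", f"{name} on {target} by {who}"))
    return findings


def scan(log_text):
    """Run analyze_event over newline-delimited JSON, skipping blank or malformed lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a real pipeline would count these as a data-quality signal
        for rule, detail in analyze_event(event):
            findings.append((event.get("eventTime"), rule, detail))
    return findings


if __name__ == "__main__":
    for when, rule, detail in scan(SAMPLE_LOG):
        print(f"{when} {rule:22} {detail}")
```

On the sample log the scan returns four findings: the root console login is flagged twice (root activity and no MFA), the StopLogging call twice (root activity and logging tamper), while the MFA-protected user login and the routine S3 read by an assumed role produce nothing. The same rules map directly onto CloudWatch Logs metric filters or EventBridge rules if you want the "automatically investigate and take action" part of the traceability principle.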

How does it relate to the AWS Security Reference Architecture?

The AWS Security Reference Architecture (AWS SRA) is a set of prescriptive guidelines for deploying the full complement of AWS security services in a multi-account environment. Rather than describing individual workload types, it lays out an AWS Organizations account structure (management, security tooling, log archive, network and workload accounts) and shows which security services belong in each account and how they connect. The SRA aligns with the Security Pillar of the Well-Architected Framework: the pillar states what good looks like, and the SRA shows one recommended way to build it on AWS.

In conclusion, the Security Pillar of the AWS Well-Architected Framework is a critical aspect of building and operating secure and compliant workloads on the AWS cloud platform. Its best practices cover security foundations, IAM, detection, infrastructure protection, data protection, incident response, and application security. The AWS Security Reference Architecture provides prescriptive guidance on how to implement these best practices, helping organizations build cloud workloads that are secure, compliant, and resilient.
