Oct 7, 2020 Cloud Hosting

How Does AWS Protect Your Online Security?

Amazon Web Services (AWS) is one of the largest providers of on-demand, cloud-based infrastructure in the world. AWS powers some of the most popular websites, applications, and online services available. While you can rest assured that AWS takes security very seriously, it’s worth taking a closer look to understand exactly how your application or website is protected.

As a premier provider of managed services for AWS, we’re here to answer your questions about what you can expect. And if you need help building a secure AWS environment, be sure to reach out to us directly.

What is the AWS Security Process?

AWS bases its security on four key principles: Prevent, Detect, Respond, Remediate.

Each of these areas has particular security tools associated with it, providing a comprehensive approach to keeping websites, data, networks, applications, and customers safe.

Prevent

Prevent focuses on robust identity protection, fine-tuned user permissions, and deep protection for both infrastructure and data.

AWS cloud security features that fall into Prevent include:

  • Identity and access management (IAM) that securely manages admin and user access to your online resources and services.
  • Single Sign On (SSO) services that allow for initial, robust authentication and then provide access to online resources defined by the permissions you set.
  • Application identity management and Active Directory protection for your web and app presence.
  • Sharing of AWS resources across your entire cloud-based infrastructure, with built-in cloud security.
  • Key storage and management to allow encrypted access to AWS and your online services, together with SSL and TLS certificate provisioning, management, and deployment.
  • Hardware-based key storage to help you comply with regulations.
  • Web application firewall (WAF) to detect and filter problematic traffic, together with centralized management of firewall rules.
  • Centralized governance and management across all AWS accounts for better compliance and adherence to regulatory standards.

Detect

Detect offers rigorous and comprehensive intrusion detection, threat identification, network activity monitoring, and reporting services that can be shared with other services to provide strong auditing, testing, and event management.

AWS cloud security features that fall into Detect include:

  • A centralized AWS security hub that detects intrusions and maintains compliance.
  • Automated threat detection that continually monitors the AWS environment for malicious activity and unauthorized behavior.
  • Detection of sensitive data across the entire AWS environment.
  • Inspection services for AWS-hosted applications to identify security vulnerabilities.
  • Configuration and evaluation of AWS security across the entire environment.
  • Tracking and auditing of user and API activity.
  • Complete protection for Internet of Things (IoT) devices.

Respond

Respond automates security protection, including incident response, backups, and disaster recovery. This allows a security team to focus on the most important and urgent incidents, using a proactive, root-cause identification approach.

This principle specifically includes:

  • Infrastructure and Distributed Denial of Service (DDoS) attack protection.
  • Automatic investigation of potential security problems.

Remediate

Remediate encompasses security events that automatically defend the network, strengthening security across your AWS environment.

All AWS cloud security is deeply integrated, leading to resilient protection:

  • Complete backup services for continuous backup, point-in-time backup, mirroring, and snapshots.
  • Disaster recovery to allow for business continuity following a significant security event.

Can Amazon Web Services Help to Lower Security Risks?

Short answer, yes. In addition to all the tools that AWS lets you deploy, the AWS environment itself is built from the ground up to provide deep, integrated security throughout its services. It achieves this in several ways.

Control Over Your Data

AWS allows you fine-grained control over where your data is stored and who has access to it. This includes extremely robust identity control and permissioning, and near real-time security monitoring.

Automated Routine Security Management Tasks

You can easily automate low-level security and administrative tasks within the AWS infrastructure, which allows you to focus on higher-level, value-added activities.

Strong Infrastructure and Environment

AWS is built to industry best practices for data protection and security. You always own your data and can easily encrypt, move, manage, and store it. All data flowing between AWS nodes is encrypted at the physical layer to prevent interception or packet sniffing.

Deep Integration with Third-Party Services and Expertise

Security and consulting products and services are widely available for AWS, so you can adapt your cloud environment and get the external insight you need.

In addition to the security approaches that we’ve outlined above, AWS provides very extensive best practice guides and resources via their blog. These guides are extremely in-depth and provide deep insight into multiple aspects of securing AWS.

How Does AWS Help Me Meet Regulatory and Compliance Standards?

AWS has a fully integrated compliance program together with services dedicated to ensuring you meet regulatory needs. The standards AWS complies with fall into three categories: Certifications and Attestations; Laws, Regulations and Privacy; and Alignments and Frameworks.

AWS uses a “Shared Responsibility” approach to compliance. To quote from their website: “Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.”

The standards that AWS adheres to include:

  • Cloud Security Alliance Controls.
  • ISO 9001 Global Quality Standards.
  • ISO 27001 Security Management Controls.
  • ISO 27017 Cloud-Specific Controls.
  • ISO 27018 Personal Data Protection.
  • PCI DSS Level 1 Payment Card Standards.
  • SOC 1 Audit Controls Report.
  • SOC 2 Security, Availability, and Confidentiality Report.
  • SOC 3 General Controls Report.

In the U.S., AWS also complies with a number of standards. Common ones include:

  • FERPA Educational Privacy Act
  • FedRAMP Government Data Standards
  • FISMA Federal Information Security Management
  • HIPAA Protected Health Information
  • NIST National Institute of Standards and Technology

You can find an in-depth list here.

This means you can address any compliance regulations from the start, with industry best-practice requirements built into the foundation of AWS.

How Can Media Temple Help with AWS Managed Hosting?

We provide several services to optimize your migration and deployment of AWS cloud-based infrastructure:

  • Full assistance with migrating you from your current infrastructure onto AWS with no interruption of services.
  • Optimizing your AWS services for both cost and performance.
  • AWS-specialized engineers and consultants.

If you know that your site or application will need strong security, we help build and maintain that environment in a number of ways:

  • Compliance assistance – Even though we don’t directly audit or certify compliance with standards like SOX or PCI, we do work with you to make changes to your environment that help you achieve your compliance goals.
  • Service configuration – Get direct assistance from us on important AWS security services. Our team provides support for a range of services including AWS Config, Security Hub, and GuardDuty.
  • Monitoring and malware removal – Our automated systems monitor your website 24/7/365. When issues are detected, we immediately begin addressing them. In the case of a malware compromise or hack, we’ll even work with our security partners at Sucuri to resolve the issue before it becomes a problem.
  • Principle of least privilege – It’s critical to security to limit each user’s privileges to only those that are essential. We strictly apply this to your AWS environment: all access is logged and limited to our AWS support team, who utilize it only when required.

If you want to move to scalable, cost-effective, on-demand infrastructure, the AWS cloud is a great choice. When it’s built and optimized by Media Temple – backed by our years of experience and relentless focus on customer satisfaction – your cloud environment will deliver best-in-class responsiveness, resilience, and reliability.

See how our Managed Services for AWS can help you.

About the Author: Eddie Jauregui is a product manager for Media Temple's Managed Services for AWS. Having been with Media Temple for over 5 years, he makes it his personal mission to deliver simplicity-as-a-service while helping customers solve for problems through solutions in products.