Many organizations depend on Amazon Web Services for critical pieces of their infrastructure, including storing large amounts of sensitive data. To keep this information safe, AWS provides users a wide variety of security services that work together to limit access to authorized users. Security on Amazon Web Services (AWS) is the customizable collection of protections built to provide AWS customers with a safe space to control their accounts.
The AWS Shared Security Model
In general, AWS sees its responsibility as ensuring the security ‘of’ the cloud, while customers are responsible for ensuring their own security ‘in’ the cloud. In practice, this means that customers can rely on AWS global infrastructure in general, and on the safety of their data when used together with properly-configured compute and storage resources. However, areas like content, identity and access management, encryption, and OS configuration are the responsibility of the customer.
AWS Security Features
- Identity and Access Management: a framework for managing digital identities. Exclusively cloud-centric, IAM gives IT managers control over users' access to sensitive data by defining ‘access roles’, then placing users in said roles based on their security privileges.
- Elastic Load Balancer: built and provided by AWS, an ELB can help mitigate DDoS-style attacks. An ELB can protect applications by moving traffic to multiple server instances during high traffic loads.
- AWS VPC: a virtual private cloud service, which can help provide a fully customizable and secure connection between client and server.
- AWS Monitoring: tools like AWS CloudWatch and EC2 Scripted Monitoring both serve as fully featured monitoring services. Constant monitoring will help to catch any security breach immediately. With Amazon’s monitoring services, this process can be automated to avoid any delays in catching a serious breach.
- Certificate Management: a service customers can use to provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet.
- Client/Server Side Encryption Tools: Client-side encryption refers to encrypting data before sending it to Amazon S3. You have the following two options for using data encryption keys. Use an AWS KMS-managed customer master key. Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.
- Hardware Security Modules: AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
- Web Application Firewalls: help protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.
- Data Encryption: capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift.
- Key Management: including AWS Key Management Service, allows the user to choose to have AWS manage the encryption keys or to maintain independent control of them.
- Encrypted Message Queues: for transmitting sensitive data using server-side encryption.
- Integration APIs: integrate encryption and data protection with any of the services in an AWS environment.
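Server-side encryption and access policy fall on the customer's side of the shared model, so it is worth checking that a bucket policy actually rejects uploads that skip encryption. The following is an added example, not code from AWS or Barracuda: it models only the `Null` and `StringNotEquals` operators on the S3 condition key `s3:x-amz-server-side-encryption`, ignores the `Resource` element, and uses a constructed bucket name and hypothetical function names.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"  # real S3 condition key

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _stmt_denies(stmt, header):
    """True if a Deny statement matches a PutObject whose SSE header is
    `header` (None = omitted). Operators are ANDed, as IAM evaluates them."""
    for op, block in stmt.get("Condition", {}).items():
        if set(block) != {SSE_KEY}:
            return False  # depends on other keys: do not rely on it
        vals = [str(v) for v in _as_list(block[SSE_KEY])]
        if op == "Null":
            ok = (header is None) == (vals[0].lower() == "true")
        elif op == "StringNotEquals":
            ok = header is None or header not in vals  # absent key => true
        else:
            return False  # operator not modelled in this sketch
        if not ok:
            return False
    return True

def enforces_sse(policy_json, allowed=("aws:kms",)):
    """Check that unencrypted or wrongly encrypted uploads are denied for
    everyone, while uploads using an allowed algorithm are not."""
    stmts = _as_list(json.loads(policy_json).get("Statement", []))
    denies = [s for s in stmts
              if s.get("Effect") == "Deny"
              and s.get("Principal") in ("*", {"AWS": "*"})
              and {a.lower() for a in _as_list(s.get("Action", []))}
                  & {"s3:putobject", "s3:*", "*"}]
    denied = lambda h: any(_stmt_denies(s, h) for s in denies)
    return (denied(None) and denied("unlisted-value")
            and not any(denied(a) for a in allowed))

def _policy(condition):  # constructed sample policy for "example-bucket"
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::example-bucket/*", "Condition": condition}]})

WEAK = _policy({"Null": {SSE_KEY: "true"}})  # only catches a missing header
HARDENED = _policy({"StringNotEquals": {SSE_KEY: "aws:kms"}})

if __name__ == "__main__":
    print("weak:", enforces_sse(WEAK), "hardened:", enforces_sse(HARDENED))
```

Putting both operators in one statement is weaker than it looks: the conditions are ANDed, so an upload that sends a header with the wrong algorithm is no longer denied.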
AWS is built to provide scalable security solutions. With over 1800 security controls, AWS can often provide a much stronger level of protection, especially for smaller businesses, than could be built in house. An advantage of the AWS cloud is that it lets its users expand and innovate while being guaranteed a safe and secure cloud environment. Customers only have to pay for the services they actually use, which relieves upfront expenses, all at a lower cost than an on-premises work environment. AWS Security is built around giving the user as much or as little power as they want.
How Barracuda Can Help
Barracuda offers two products to secure your AWS environment:
The Barracuda CloudGen Firewall for AWS provides native network protection to AWS and hybrid networks. It helps ensure reliable access to applications and data running in AWS with full support for auto-scaling and metered billing.
The Barracuda CloudGen WAF for AWS protects AWS-hosted websites and web-facing applications from thousands of types of cyber-attacks, automatically integrates security into your application deployments, and accelerates application delivery.