New Whitepaper: AWS Cloud Security Best Practices | AWS Security Blog


November 3, 2023: This blog post has been updated. For the latest information, please refer to our post about the AWS Best Practices for Security, Identity, & Compliance webpage and its customer polling feature.

We are excited to announce the release of an updated version of our AWS Security Best Practices whitepaper. Based on your feedback, we aimed to deliver a comprehensive and straightforward approach to managing your organization’s information security posture, which should be grounded in regular risk assessments when deploying applications and assets on AWS. Specifically, you requested guidance on:

  • The shared security responsibilities between AWS and you, the customer
  • How to categorize and define your assets
  • Management of user access to your data through privileged accounts and groups
  • Best practices for securing your data, operating systems, and network
  • Utilizing monitoring and alerting to achieve your security objectives

In this version, we have structured the content around key components for designing an Information Security Management System (ISMS). This familiar framework assists in creating a cohesive set of information security policies, procedures, and processes tailored to your organization’s assets. By adopting a globally recognized approach to information security management systems, we aim to enhance your overall security posture. The whitepaper covers a range of best practices on various security topics, including:

  • Asset definition and categorization on AWS
  • Designing your ISMS
  • Identity management
  • OS-level access management
  • Data protection
  • Securing operating systems and applications
  • Infrastructure security
  • Management of monitoring, alerting, audit trails, and incident response

We recommend a structured approach to managing information security, emphasizing a continual improvement model. Drawing inspiration from the ongoing improvement model of ISMS, we stress the importance of regular updates, reviews, and enhancements in how you manage information security in the AWS Cloud.

As an illustration, the table below expands on the risk-based ISMS approach, offering suggested protection strategies for addressing data at rest security concerns:

| Concern | Recommended protection approach | Strategies |
| --- | --- | --- |
| Accidental information disclosure | Label data as confidential and restrict access. Utilize AWS permissions for Amazon S3 resources. Apply encryption for confidential data on Amazon EBS or Amazon RDS. | Permissions, file/partition/volume/application-level encryption |
| Data integrity compromise | Use resource permissions to limit user modifications. Implement data integrity checks (e.g., MIC, MAC) to detect issues. Restore compromised data from backup or previous versions in Amazon S3. | Permissions, data integrity checks (MIC/MAC/HMAC/CRC/parity), backup, versioning (Amazon S3) |
| Accidental deletion | Apply least privilege principles and correct permissions to mitigate risks. For Amazon S3, activate MFA Delete for added security. | Permissions, backup, versioning (Amazon S3), MFA Delete (Amazon S3) |
| System or infrastructure failure | In case of failure or disaster, restore data from backups or replicas. Some services, such as Amazon S3, provide automatic data replication across Availability Zones. | Backup, replication |
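As an added illustration of the Amazon S3 rows of that table (this is example code written for this post, not code from the whitepaper or from AWS): a small check that maps a bucket's versioning, MFA Delete, default-encryption and public-access-block settings to the concerns above and reports which strategies are missing. The bucket configurations are constructed samples that are only shaped like the corresponding boto3 responses, so the check runs offline without calling AWS.

```python
# Added example: map Amazon S3 bucket settings to the data-at-rest concerns in the
# table above. The bucket configurations are constructed samples, shaped like (but
# trimmed from) the boto3 get_bucket_versioning / get_bucket_encryption /
# get_public_access_block responses; nothing here calls AWS.

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

SAMPLE_BUCKETS = {
    "finance-reports": {  # constructed: follows every strategy in the table
        "Versioning": {"Status": "Enabled", "MFADelete": "Enabled"},
        "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
    },
    "scratch-uploads": {  # constructed: versioning never enabled, no default encryption
        "Versioning": {},
        "Encryption": None,
        "PublicAccessBlock": {"BlockPublicAcls": True, "BlockPublicPolicy": False,
                              "IgnorePublicAcls": True, "RestrictPublicBuckets": False},
    },
}

def assess_bucket(cfg):
    """Return {concern: [missing strategy, ...]} for one bucket; {} means no gaps."""
    gaps = {"Accidental information disclosure": [],
            "Data integrity compromise": [],
            "Accidental deletion": []}
    pab = cfg.get("PublicAccessBlock") or {}
    if not all(pab.get(flag) for flag in PAB_FLAGS):
        gaps["Accidental information disclosure"].append(
            "Permissions: public access block not fully enabled")
    if not cfg.get("Encryption"):
        gaps["Accidental information disclosure"].append(
            "Encryption: no default server-side encryption")
    versioning = cfg.get("Versioning") or {}
    if versioning.get("Status") != "Enabled":
        gaps["Data integrity compromise"].append(
            "Versioning: disabled, so no previous versions to restore")
        gaps["Accidental deletion"].append("Versioning: disabled")
    if versioning.get("MFADelete") != "Enabled":
        gaps["Accidental deletion"].append("MFA Delete: disabled")
    return {concern: missing for concern, missing in gaps.items() if missing}

def assess_all(buckets):
    """Assess every bucket; buckets with no gaps are omitted from the report."""
    return {name: gaps for name, cfg in buckets.items() if (gaps := assess_bucket(cfg))}

if __name__ == "__main__":
    for name, gaps in assess_all(SAMPLE_BUCKETS).items():
        for concern, missing in gaps.items():
            print(f"{name}: {concern}: {'; '.join(missing)}")
```

In a real account the same dictionaries would be filled from the boto3 calls named in the comments, one bucket at a time.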

This new document structure will facilitate easier access to the information you need.

Understanding Shared Security Responsibility for AWS Services

AWS continuously launches new services and enhances existing ones, leading to a significant increase in the types of services available. The whitepaper provides an in-depth explanation of AWS’s shared responsibility model, discussing it across various categories of services: Infrastructure Services, Container Services, and Abstracted Services. This framework will help you tailor AWS security controls to fit your organization’s needs more effectively, thus creating a robust security posture based on the services utilized.

By leveraging the best practices outlined in this whitepaper, you can formulate a comprehensive set of security policies and processes for your organization, facilitating the swift and secure deployment of applications and protection of data. Remember, like all whitepapers, this one is a “living document,” and we intend to keep it updated as we introduce new features and services. We value your feedback on this initiative.

