Cloud Adoption Framework (CAF) Part VI: Security Perspective

Isaac Oben
3 min read · Jul 6, 2023

The Security perspective within the Cloud Adoption Framework is a continuation of the AWS adoption series. In this perspective, we cover some of the security aspects related to compliance and assurance that organizations could consider as they navigate the AWS Cloud to achieve the confidentiality, integrity, and availability of their data and related workloads.

Securing workloads and data residing in the public cloud is one of the pain points that keeps CISOs, Cloud Security Architects, and Engineers busy as they look for the balance between security and accessibility. For this perspective, we will touch on security governance, threat detection, data protection, security assurance, vulnerability management, identity and access management, infrastructure protection, and incident response.

AWS CAF Security Perspective capabilities are shown below:

When it comes to security governance in the cloud, it is important for organizations moving to the cloud for the first time to establish governance based on their specific industry compliance requirements. Once that is established, organizations can develop and effectively communicate security policies and procedures around those compliance requirements. Another key element of AWS cloud security governance is for organizations to review and understand their security responsibilities within the AWS Cloud shared infrastructure. Understanding this shared responsibility concept tells organizations which precautions they need to put in place to mitigate risk. More explanation of the Shared Responsibility Model can be found at: https://aws.amazon.com/compliance/shared-responsibility-model.

Identity and access management is also a key factor in protecting cloud data and workloads, and it becomes a critical element to consider when moving or deploying workloads in the cloud. Identity and access management “helps validate that the right people and machines have access to the right resources under the right conditions.” AWS Cloud has a built-in identity and access management mechanism that helps its customers manage cloud identities and control access by users and cloud compute identities to cloud workloads. AWS Cloud identity and access management can also be integrated with third-party identity tools for hybrid connectivity to customers’ datacenters and offices.

Cloud infrastructure protection is another important consideration when deploying workloads into the cloud. Customers moving into AWS Cloud need to put processes in place to ensure systems and services are validated and protected against unintended and unauthorized access and potential vulnerabilities. AWS Cloud customers are advised to use security groups, network access control lists, and network firewalls to control network traffic and protect cloud workloads.

Data protection within the AWS Cloud ensures that visibility and control over data are maintained, with guardrails on how the data is accessed and used. AWS recommends data classification, lifecycle management policies, and data encryption for data retention and protection controls.

Customers adopting AWS Cloud should note that AWS takes security seriously and has all the necessary capabilities in place to empower customers to take responsibility for protecting their workloads and resources while in AWS Cloud.

Learn more about AWS Cloud Adoption Framework

AWS Cloud Adoption Framework — overview

Cloud Adoption Framework (CAF) Part II: Making a Business Case

Cloud Adoption Framework (CAF) Part III: People Perspective

Cloud Adoption Framework (CAF) Part IV: Governance Perspective

Written by Isaac Oben

Cloud Security Manager | AWS Ambassador | AWS Security Black Belt | Multiple Cloud Specialty and Professional Certifications | iocloud.blog