AWS Security

What is AWS?

Simply put, this is an architected secure cloud environment brought to you by a subsidiary company of Amazon; AWS stands for Amazon Web Services. AWS, known at the time as Web Services, launched in 2002 and then re-launched with its cloud-based computing in 2006 under the brand AWS with a simple storage solutions service, its elastic compute cloud, and simple queue service. AWS provides on-demand, flexible computing services for any individual, company or government on a pay-as-you-go basis.

As a customer of AWS, you can confidently and securely run your business in an ever-evolving, automation-driven environment. The core infrastructure is designed to meet stringent security requirements twenty-four hours a day, seven days a week. This infrastructure has been built for global banks, the military and extremely sensitive organisations, healthcare, retail, and government, as well as the individual, enterprise, or small business.

What is AWS Cloud security?

Cloud Security is a mechanism for protecting your data within an environment outside of your complete control, yet where security risks still exist and need managing effectively.

Effectively, AWS cloud security means having clear visibility of who is doing what inside your AWS cloud environment and, if a user you have not given permission to may be violating your security, being notified in an effective and efficient way.

Where perimeter security focusses upon securing the edge of the network, Cloud Security encompasses all assets within that environment, mitigating threats and vulnerabilities similar to those that on-premises environments incur. As a consequence, the traditional methodology of CIA (Confidentiality, Integrity and Availability) is still very much relevant. However, many businesses fail to adequately secure their cloud environments, instead believing that the Cloud provider itself is responsible for that element. This is not the case, though it explains why cloud security is overlooked, immature and misunderstood.

The false sense of security effect

In the past, organisations either retained all security responsibilities in house, or worked with an end-to-end managed service provider. The move to the public cloud has created a sense of being secure when your systems are hosted with a multi-billion dollar company, but this sense of security is false. The Public Cloud Providers do not provide end-to-end security; they only secure what belongs to them, the core infrastructure, not the systems or data held on it.

The responsibility of data ownership always resides with the data owner, rather than the Public Cloud Provider. Ultimately, GDPR and other laws apply to you, and the provider will not be held liable in the event of a breach.

Securing your AWS environment

AWS has stated that security is ‘job zero’, which means it is everybody’s responsibility to keep data safe.

The infrastructure starts with a region; inside each region are availability zones, and these zones are physical data centres.

These are fault tolerant in design and universally available, in that they are always placed in a group or cluster, so if one data centre goes down for whatever reason the second will pick up and continue running.

Under the shared security responsibility model, AWS is responsible for securing the regions, availability zones and edge locations: the underlying infrastructure.

The customers are then responsible for everything they put on top of that infrastructure. That is all data, applications, platforms, identity & access management, firewall rules and configurations, operating systems, and networks.

AWS provides all the tools but not firewalls, advanced monitoring tools, user access or uploads. By default, the security is private, and it is down to the customer to give different levels of access.

Customers give their users permission to access something via unique logins and can complement this with two-factor authentication. When new services are created in the AWS cloud, the customer is asked who gets permission to access this data.

The Fortinet Adaptive Cloud Security Solutions

This is where CloudCoCo helps, working with our partner Fortinet. The Fortinet Adaptive Cloud Security Solutions are designed to protect workloads and critical business applications regardless of whether the applications are hosted in on-premises data centres, private clouds or public cloud environments like AWS, Azure or Google Cloud.

Within the Fortinet Adaptive Cloud Security Solutions, the FortiGate on AWS service delivers Next Generation Firewall (NGFW) capabilities for any organisation regardless of size, with the flexibility to be deployed as a Firewall and/or VPN gateway. It provides broad protection and enables automated management for consistent enforcement and visibility across all cloud/hosting infrastructures (Public, Private and Hybrid). The FortiGate service scales from the smallest footprint in the industry to the highest capacity NGFW virtual appliance on AWS and can be deployed in no time at all.

The Fortinet security services allow you to:

  • Have a holistic view of your systems’ security status
  • Have peace of mind of being protected by one of the most advanced security organisations on the planet
  • Have a single portal for policy management and reporting
  • Have complete monitoring for all your services in one place

The CloudCoCo AWS Security offering delivers a consolidated view and management system for all your hosting environments in a single portal. By using a single security approach, the management and training burdens are reduced whilst providing consistent security in a shared responsibility model from on-premises to the cloud.

For organisations with smaller or no IT teams, CloudCoCo’s Security Operation Centre can provide the management and ongoing support for your business.

The key features and benefits include:

  1. Simplified security approach utilising a single holistic view
  2. Leverage the full suite of industry-leading security services available from Fortinet
  3. Reduce CAPEX overheads and ongoing maintenance costs with virtual appliances
  4. Flexible BYOL and PAYG pricing models available

CloudCoCo is expert at managing and maintaining Fortinet AWS devices. Our professional services are available and approved by AWS and Fortinet; you can view our listing on the AWS Marketplace.

CloudCoCo Professional Service Listing on AWS Marketplace

Why use CloudCoCo’s AWS Cloud Security Offerings?

  • It is cost effective; a customer only pays for what they use, making AWS highly scalable, so you can use more or less of the service as needed. Instead of you building an in-house fleet of servers holding all the hardware and software needed, which would be expensive to implement and maintain, AWS does this for you and has a squad of specialists doing this daily.
  • Data security is at the forefront of AWS Security; it is one of its main pillars, and they are very vigilant at protecting privacy.
  • Cloud-based services are decreasing in cost, and nowhere is this truer than at AWS: as they continue to build their customer base, the cost gets pushed downwards.
  • Authenticated users. Customers can give users logins and permissions to access the data that they want to give access to through the FortiGate dashboard. In addition to this, they can also give identity logins to non-human callers, such as applications. CloudCoCo’s AWS Security Service can also be used to give timed security tokens, so a customer’s authenticated user has permission to use the token for only a limited time before it expires and access is denied.
  • AWS offers over seventy services to their customers. All these services are reliable, secure, and updated on a regular basis offering the optimal server infrastructure.
  • Saves time. With the fast deployment of services, AWS saves the customer lots of time.
  • Billing and management are all controlled centrally.
  • It has hybrid capabilities, useful for customers that need to scale capacity up and down.
  • AWS has a modify-capacity capability; customers can add and remove storage and services very easily.
  • Applications can be deployed around the globe in just a few simple clicks.