Simply put this is an architected secure cloud environment brought to you by a subsidiary company of Amazon; AWS stands for Amazon Web Services. AWS, known at the time as Web Services launched in 2002 and then re-launched with their cloud-based computing in 2006 under the brand AWS with a simple storage solutions service, its elastic compute cloud, and simple queue service. AWS provides on demand flexible computing services for any individual, company or government on a pay as you go service.
As a customer to AWS, you can confidently, and securely run your business in an ever-evolving automation driven environment. The core infrastructure is designed to meet stringent security requirements twenty-four hours a day and seven days a week. This infrastructure has been built for global banks, the military and extremely sensitive organisations, healthcare, retail, and government as well as the individual, enterprise, or small business.
Cloud Security is a mechanism of protecting your data within an environment outside of your complete control, yet where security risks still exist and needs managing effectively.
Effectively AWS cloud security is having clear visibility of who is doing what inside your AWS cloud environment and if you have not given permission to a user who may be violating your security being notified in an effective and efficient way.
Where perimeter security focusses upon securing the edge of the network, Cloud Security encompasses all assets within that environment, mitigating similar threats and vulnerabilities as on-premise environments incur. As a consequence of this, the traditional methodology of CIA; Confidentially, Integrity and Availability, are still very much relevant. However, many businesses fail to adequately secure their cloud environments, instead believing that the Cloud provider themselves are responsible for that element. This is not the case, though explains why cloud security is overlooked, immature and misunderstood.
In the past, organisations either retain all security responsibilities in house, or worked with an end-to-end manage service provider. The move to the public cloud has created a sense of being secure when your systems are hosted with a multi-billion dollar company, but this sense of security is false. The Public Cloud Providers do not provide end-to-end security; they only secure what belongs to them, the core infrastructure, not the systems or data held on them.
The responsibility of data ownership always resides with the data owner, rather than the Public Cloud Provider, and ultimately, GDPR and other laws apply to yourself and they will not be held liable in the event of a breach.
AWS has stated that the security is a ‘job zero’ which means it is everybody’s responsibility to keep data safe.
The infrastructure starts with a region and inside are availability zones and these zones are physical data centres.
These are fault tolerant in design, universally available in that they are always placed in a group or cluster so if one data centre goes down for whatever reason the second will pick up and continue running.
With AWS using the shared security responsibility model AWS are responsible for securing the regions, availability zones and the edge locations, the underlying infrastructure.
The customers are then responsible for everything they put on top of that infrastructure. So that is all data, applications, platforms, identity & access management, firewall rules and configurations, operating systems, or networks.
AWS provide all the tools but not firewalls, advanced monitoring tools, user access or uploads. By default, the security is private, and it is down to the customer to give different levels of access.
Customers give their users permission to have access to something via unique logins and can compliment this with 2 factor authentication. When new services are created in the AWS cloud the customer is asked who gets permissions to access this data.
This is where CloudCoCo helps working with our partner Fortinet. The Fortinet Adaptive Cloud Security Solutions are designed to protect workloads and critical business applications regardless of whether the applications are hosted in on-premises data centres, private clouds or public cloud environments like AWS, Azure or Google Cloud.
Within the Fortinet Adaptive Cloud Security Solutions, the FortiGate on AWS service delivers Next Generation Firewall (NGFW) capabilities for any organisation regardless of size, with the flexibility to be deployed as a Firewall and/or VPN gateway. It enables broad protection and enables automated management for consistent enforcement and visibility across all cloud/hosting infrastructures (Public, Private and Hybrid). The FortiGate service scales from the smallest footprint in the industry to the highest capacity NGFW virtual appliance on AWS and can be deployed no time at all.
The Fortinet security services allows you to;
The CloudCoCo AWS Security offerings delivers a consolidated view and management system for all your hosting environments in a single portal. By using a single security approach, the management and training burdens are reduced whilst providing consistent security in a shared responsibility model from on-premises to the cloud.
For organisations with smaller or no IT teams, CloudCoCo’s Security Operation Centre can provide the management and ongoing support for your business.
The key features and benefits include:
CloudCoCo is expert at managing and maintaining Fortinet AWS devices, our professional services are available and approved by AWS and Fortinet, you can view our list on the AWS Marketplace