{"id":39510,"date":"2013-07-16T05:01:00","date_gmt":"2013-07-15T23:31:00","guid":{"rendered":"https:\/\/blazeclan.com\/blog\/understanding-security-best-practices-on-aws-cloud\/"},"modified":"2023-03-29T15:58:04","modified_gmt":"2023-03-29T10:28:04","slug":"understanding-security-best-practices-on-aws-cloud","status":"publish","type":"post","link":"https:\/\/blazeclan.com\/asean\/blog\/understanding-security-best-practices-on-aws-cloud\/","title":{"rendered":"Understanding Security Best Practices on AWS Cloud"},"content":{"rendered":" All about Cloud security\n

We often talk about Security on Cloud as a new and uncharted phenomenon but if we look closely <\/span>\u201cCloud Security\u2019 is no different than <\/span>“On-Premise IT Security”. There are some differences though and one of the most important security aspect which changes from your “On-Premise IT” to “Cloud” is that “the Security on the Cloud is a Shared Responsibility<\/strong>“. Hence it becomes imperative for us to understand the responsibilities of both the provider and consumer,  eg: <\/span>Web application security, SQL injections, phishing etc. are common for on-premise or cloud hosted applications.<\/span><\/span><\/p>\n

<\/div>\n
Security components on “Cloud” or on “On-premise” broadly includes the following three points,<\/div>\n 3 Components of Security\n
\n
    \n
  1. \n
    Infrastructure Security –<\/strong> Provider\u2019s responsibility<\/strong>, one needs to understand how the provider secures its own infrastructure<\/div>\n<\/li>\n
  2. \n
    Application Security –<\/strong> Developer\u2019s responsibility<\/strong>, one needs to understand and implement security for an application on Cloud<\/div>\n<\/li>\n
  3. \n
    Services Security –<\/strong> Developer\u2019s responsibility<\/strong> to use security options provided by the Provider<\/span><\/div>\n<\/li>\n<\/ol>\n<\/div>\n
    Now lets look at the different security layers which one needs to consider while building applications on AWS cloud,<\/span><\/div>\n
      \n
    1. Physical Security on AWS – <\/span><\/span><\/strong>AWS has a global infrastructure f<\/span><\/span>acility with a high level of physical security. This infrastructure is d<\/span>istributed in multiple Regions with Availability Zones (AZs). These <\/span>AZs are physically separated and are designed as independent failure zones. <\/span>Facilities are Controlled and Non-descript, access to which is <\/span>need-based with two factor authentication. Developers can leverage this infrastructure to create fault tolerant and self healing applications.<\/span><\/li>\n
    2. Network Security – <\/span><\/strong><\/strong>AWS network provides significant protection against traditional network security issues and the developers can implement further protection. Some of the network security features which AWS has are <\/span>Distributed Denial of Service (DDoS) mitigation, <\/span><\/span>\n
      IP spoofing prohibited.<\/div>\n
      IP scanning prohibited,<\/div>\n
      Packet sniffing prevented,<\/div>\n
      All API endpoints are protected by SSL. Please refer “AWS – Overview of Security Processes<\/a>” for further details.<\/div>\n<\/li>\n
    3. Security for Data <\/strong>– AWS offers accessibility of data stored on S3 via SSL encrypted endpoints, which helps developers to protect data in transit as well as at rest. AWS also takes certain steps while decommissioning of storage devices to ensure maximum data security, for example storage devices are Degaussed or Physically Destroyed (based on the type of device) before it’s moved out of any AWS region. So one can be assured that data even on a end of life hardware would not be exposed to unauthorized usage.<\/span><\/li>\n
    4. Operating System –  <\/span><\/strong><\/strong>Multiple levels of security on Amazon EC2 is provided to ensure that data within EC2 cannot be intercepted by non-authorized systems or users.<\/span>\n