Question

On AWS security fundamental what are the three (3) most important cloud security concepts and why.

Answer 1

On AWS security fundamentals the three most important cloud security concepts are, and why these three are the most important cloud security concepts on AWS security fundamentals:

It requires understanding the Confidentiality, Integrity, and Availability (CIA) triad; examining types and categories of controls; reviewing core AWS services, knowing and reviewing common threats to AWS services.

1) AWS access control and management: AWS provides many access control and management features.
It requires understanding users and their credentials. Exploring account root user. Configuring user accounts and credentials. Learning password policies. It requires deploying AWS Identity and Access Management (IAM) service for managing access to AWS services and resources securely. This includes different IAM users, IAM groups, IAM roles, Identity and Access Management (IAM) best practices, IAM managed and custom policies, IAM federated services, AWS Security Token Service (STS), temporary credentials, and AWS Cognito service. This service or concept facilitates users defining and managing user identity, access policies, and entitlements. It also helps users for enforcing business governance that includes, user authentication, authorization, and single sign-on.

2) Different data encryption methods or options to secure sensitive data:
This comes under AWS's offering for cryptographic services. It would include how to create encrypted root volumes. It covers IPsec in AWS and AWS Certificate Manager. It covers the protection of data at rest, in transit, and while it is being used or processed in different AWS services. It is about storing and managing encryption keys in the AWS cloud.

3) Logging and monitoring: It is about understanding and implementing visibility and reporting; security reporting and logging in AWS; activating flow logs and region-based CloudTrail; includes AWS auditing; Pre-Auditing tasks; and additional AWS security services. It teaches the protection of log information. Management of logs for critical transactions. Usage of change management logs. It also teaches about audit trail, logging faults, alerting, and incident response. It also involves threat detection and analytics. AWS security services provide centralized logging, reporting, and analysis of logs for providing visibility and security insights.

* How to secure network access to your AWS infrastructure, resources, and services. It includes:
* Identity and Access Management.
* Procedures for "auditing" AWS security infrastructure.
* Reporting of user access to AWS services.
* Entry points on AWS.

* AWS shared responsibility model:
It requires establishing and understanding AWS responsibilities and includes security of and in the cloud. It includes:
* Security "of" the Cloud (managed by AWS)and
* Security in the Cloud (managed by the user).
* Implementation of least privileged access.
* Deploying and applying security at every level and layer.
* Considering Security is job zero.
* Considering and working on security at top-most priority.
* Considering everyone themselves as a security engineer.

The other concepts that are included and involved are:
* Being aware of and understanding different AWS security capabilities.
* Security and identity.
* AWS "Secure Global Infrastructure".
* "Data Center" Security.
* Security-related "compliance" protocols: It would require running AWS Config Rules for evaluating your AWS environment for compliance. Other related services for this purpose.
* Risk management strategies.
* Governance.
* DDoS Mitigation.
* Detective Controls.
* Infrastructure Protection.
* Data Protection.
* Well-Architected Tool.