Question

You are the head of an IT department that is planning to move several critical production applications to Amazon Web Services. You will be directly managing EC2 instances and supporting infrastructure as well as the database servers and application stacks underlying the applications. Senior management has expressed concern about the risk to the company's intellectual property as a result of running these applications on AWS. You need to provide a written response to their concerns, highlighting AWS features and other technologies that you could use to mitigate these risks. One or two sentences should be enough to cover each risk.

The risks you need to address are:

Other AWS customers might be able to eavesdrop on communication between our servers.

Any of our EC2 instances might be running on the same physical host as those of another customer, exposing us to side-channel attacks through shared memory resources or hypervisor vulnerabilities.

Important proprietary data will be retained in persistent storage on some of our instances. An Amazon sysadmin could conceivably access our storage volumes and extract that data.

A major outage at an Amazon datacenter hosting our AWS resources could knock our applications offline, costing us significant revenue.

Answer 1

1=To prevent from eavesdrop,all AWS services provide secure customer access points (also called API endpoints) that allow you to establish secure HTTPS communication sessions.HTTPS uses the SSL/TLS protocol, which uses public-key cryptography to prevent eavesdropping, tampering, and forgery.

2=Amazon Web Services provides a range of networking services that enable you to create a logically isolated network that you define, establish a private network connection to the AWS cloud, use a highly available and scalable DNS service and deliver content to your end users with low latency at high data transfer speeds with a content delivery web service.So their is no chance of side-channel attacks through shared memory resources

3=Every AWS resource is owned by an AWS account, and permissions to create or access a resource are governed by permissions policies. An account administrator can attach permissions policies to AWS Identity and Access Management (IAM) identities (that is, users, groups, and roles).When granting permissions, you decide who is getting the permissions, the resources they get permissions for, and the specific actions that you want to allow on those resources.So without our permission no one can extract the data.

4=The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility so there is no fear of outage.