AWS Cloud Security

Using native services is the best way to start. Configure IAM permissions to follow the principle of least privilege, institute VPCs and Security Groups to appropriately segment your network, encrypt your data at rest and in transit using the built-in encryption features of services like Amazon S3, Amazon RDS, and EBS along with AWS Key Management Service, log and monitor your environment using services like AWS CloudTrail, Amazon CloudWatch, and AWS Config. Also make sure you are regularly patching and updating your underlying infrastructure and using AWS Backups to manage and secure your data.

By having different accounts for different purposes, you can better ensure that a security issue in a given account doesn’t jeopardize the rest of the system. Compartmentalizing which accounts can touch which resources effectively limits the risk of account-related security and breaches. It can also help you to better track costs, simplify networking, and help you meet regulatory or compliance requirements, such as who has access to sensitive customer information.

AWS has its own native tools to do this, like AWS Security Hub. You can also request a security firm to perform an audit, if appropriate. But if you’re looking for a quick way to assess your overall security posture, we recommend Mission Cloud Score, which measures your environment against the well-architected pillars, including security, and will enumerate any risks or vulnerabilities it detects.

Yes. With Mission Cloud One, our comprehensive managed service, we offer a SOC through CrowdStrike as part of the ongoing operations support you receive. You’ll also get Cloud Analysts which can help you assess your environment and measure your alignment to best practices as well as a 24/7 CloudOps support team to help with monitoring and incident management.

It depends. Audits can be a combination of both what your infrastructure is and how it's documented. Sometimes, if it’s a matter of missing documentation, you may be best served by instituting logging and monitoring across your environment to more thoroughly collect information about what’s happening inside of it. But if the audit suggests that your vulnerabilities run deeper than that, it may be time to consider redesigning a part of your infrastructure to better accommodate your security needs.

Unfortunately not. Security is not a binary and there is not a magic combination of ingredients by which an environment will ever be made totally and permanently secure. Security best practices dictate that we think of security in terms of defensive measures. These measures must be re-visited from time to time, like the rotating of secret keys, to keep them hardened against attackers and to ensure that no system falls into a state of vulnerability. But if continuing to manage these kinds of concerns yourself has become taxing, you should consider adopting a managed service, like Mission Cloud One, where a partner can help manage and respond to security concerns on your behalf.