AWS Security with Agility

AWS Security Best Practices

Proactively Meeting Security, Risk and Compliance Objectives with Security by Design

As organizations modernize their computing systems through DevOps-based cloud approaches, a new way to govern systems is needed. Traditional security methods do not scale to the new elastic platforms, which use different design principles such as immutable containers, infrastructure as code, and continuous integration and delivery.

This changes the landscape for security: the perimeter has a new definition, and security policies are not applied but automated. It also creates new opportunities, since environments can be audited continuously in an automated fashion rather than through periodic audits.

Known for building HIPAA- and PCI-compliant environments in the cloud, we focus on what we call “Security with Agility.” Our premise is to build secure environments without slowing down the engineering teams’ work.

  • AWS account architecture and Segregation of Duties (SoD)
  • IAM best practices for console users
  • Single sign-on for AWS accounts and individual instances
  • IAM role creation for machine usage
  • Use of AWS best practices to minimize network perimeter
  • Encryption at rest and over the wire
  • Continuous rule checking via AWS Config
  • Continuous testing of new configurations for security vulnerabilities
  • Patch management through configuration management via Ansible and Chef
  • Web application firewalls (WAF) from AWS, AlertLogic, and Imperva to secure web traffic (Flux7 is an official AWS WAF Service Delivery Partner)
  • Credentials management via AWS KMS or HashiCorp Vault
  • Use of immutable containers

Resources

Verifone presents at AWS Summit Santa Clara

View the slides to learn how to use AWS Security Intelligence with continuous monitoring, and configuration best practices to secure an Amazon Web Services architecture.

Managing 50 Unique Compliance Rules


Find out how configuration management, VPC and layered security ensure compliance and security requirements are met and confidentiality is assured.

Read the Case Study

Fugro’s IoT Security Solution


With a layered security approach, redundancy and elasticity built in, the Fugro OARS project features a high degree of security for all data involved.

Read the Case Study