cloud security.jpg

Cloud Security

Cloud security helps protect Cloud-based systems, data, and infrastructure from theft, leakage, and deletion.

Cloud security best practices prevent unauthorized access to keep data and applications in the cloud secure from current and emerging cybersecurity threats.

  • Web Application Firewalls

  • S3 Bucket Security

  • Security Groups

  • Centralized Logging

  • Monitoring and Alerting

  • Backups and Recovery

  • Access Control

Cloud Security Service Components

Incident Response

The different stages of the Incident Response Framework are preparation, identification, and containment. AWS offers capabilities for each of these stages. Creating a secure architecture is the bedrock for incident response.

Logging and Monitoring

Design and implement a logging solution by leveraging the following capabilities: 1. CloudTrail - The primary logging service that tracks API calls and user account activities 2. CloudWatch - To monitor, store and access logs from CloudTrail, VPC flow logs, Cloudwatch Agents & DNS logs. 3. S3 Access Logs - To track access requests to S3 buckets 4. Encryption, Centralization, Access Management and Retention of logs

Infrastructure Security

Design Edge Security on AWS via AWS WAF, prevent DDoS attacks, restricting S3 to CloudFront, and enabling Geo Restriction.

Identity and Access Management

Design and Implement a scalable authentication and authorization system to access AWS resources. Enable Identity Federation, S3 Bucket Policies, KMS Key Policies, and Resource Policies.

Data Protection

Protect access to data by securing S3 buckets, encryption, and KMS key management infrastructure.