Because cloud computing relies on servers on third-party premises, cloud
deployments are relatively more vulnerable to data theft than hosting on
traditional in-house servers. Data breaches have become a main topic of
discussion before any decision to migrate to the cloud. Enterprises have been
very skeptical about migrating their confidential data to the cloud. This
factor alone has restricted the growth in adoption of cloud computing.
Enterprises have evolved toward migrating only non-confidential data or
resources to the cloud and keeping the confidential ones on their on-premises
setup. Cloud service providers have managed to create a positive ambience by
formulating cloud security compliance in accordance with public cloud
security, government regulations and best-practice policies. Amazon Web
Services leads all cloud IaaS providers in adhering to cloud security norms.
AWS is certified under the Safe Harbor Framework and accredited by numerous
associations across geographies to certify its cloud security compliance with
third-party frameworks. Amazon has always shunned assisting the NSA's PRISM
program unless bound by a legally valid or compulsory binding order. AWS
management follows strong encryption techniques in which the encryption keys
are passed on to the client to manage on their own. AWS also publishes
security best-practice policies that clients can download and use to
safeguard their own confidential data.
Amazon Web Services follows many of the same practices as on-premises data
centers for safeguarding clients' data on a pay-as-you-use model. There are no
additional charges for using the security service, and the security features
are built into the system.
AWS management services use different monitoring and security management
tools and login details to control unauthorized access. They also allow the
use of subnets to create separate environments for dev/test and production
purposes, which can then be configured to monitor the traffic routed to each
environment. Amazon EC2 instances allow the guest OS and applications to be
updated with the latest security patches and antivirus and intrusion
detection software to be installed. AWS has a traditional three-tier
architecture that safeguards back-end apps and databases by letting front-end
applications handle the unauthorized traffic. There is also an option to set
up a hardware VPN with cloud resources, which creates another layer of data
protection.
AWS security features include software-based security mechanisms that help
developers and administrators operate remotely. Digital signatures and crypto
keys are primarily used to authenticate users. Each virtual server, such as
an EC2 instance, Elastic Load Balancer or VPC, is provided with a firewall.
The AWS account is to be protected using IAM (Identity and Access Management)
credentials, and its access details are to be used to enter the account. All
security compliance requirements are fulfilled using the application
certificate reports (ISO, PCI, FedRAMP, etc.) for the infrastructure.
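
The three-tier layout and the per-resource firewalls described above can be checked mechanically. The following is an added example, not code from the original article or from AWS: it audits a constructed rule set, shaped like the EC2 DescribeSecurityGroups response, for inbound rules that let traffic reach the application or database tier without passing through the tier in front of it. The group IDs and the tier mapping are hypothetical.

```python
# Constructed sample shaped like the EC2 DescribeSecurityGroups response.
# Group IDs and the tier mapping below are hypothetical.
TIER_OF = {"sg-web": "web", "sg-app": "app", "sg-db": "db"}
ALLOWED_SOURCE_TIER = {"app": "web", "db": "app"}  # back-end tier -> tier in front

SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]

def audit_three_tier(groups, tier_of=TIER_OF):
    """Return (group_id, (from_port, to_port), reason) for every inbound rule
    that admits traffic to a back-end tier from anything other than the
    security group of the tier directly in front of it."""
    findings = []
    for group in groups:
        tier = tier_of.get(group["GroupId"])
        if tier not in ALLOWED_SOURCE_TIER:
            continue  # the front-end tier is the one meant to face outside traffic
        expected = ALLOWED_SOURCE_TIER[tier]
        for rule in group.get("IpPermissions", []):
            ports = (rule.get("FromPort"), rule.get("ToPort"))
            # Address-range sources (IPv4 or IPv6) skip the tier in front.
            for rng in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                findings.append((group["GroupId"], ports,
                                 f"CIDR {cidr} reaches {tier} tier directly"))
            # Group sources must be the tier immediately in front.
            for pair in rule.get("UserIdGroupPairs", []):
                src = tier_of.get(pair["GroupId"], "unknown")
                if src != expected:
                    findings.append((group["GroupId"], ports,
                                     f"{src} tier bypasses {expected} tier"))
    return findings

if __name__ == "__main__":
    for finding in audit_three_tier(SAMPLE_GROUPS):
        print(finding)
```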