Overview of Amazon Web Services (part 2)

By Ashwin Venugopal -

 





To read part 1, please click here












Global Infrastructure

AWS is steadily expanding its global infrastructure to help their customers achieve lower latency and higher throughput while also making sure that their data resides only in the AWS region they specify. The AWS Cloud infrastructure is built around AWS Regions and Availability Zones. An AWS Region is known as a physical location in the world having multiple Availability Zones which in turn also consists of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. 

In order to achieve higher fault tolerance and stability, each Amazon Region is designed to be completely isolated from the other Amazon Regions whereas Availability Zones are connected through low-latency links in a Region. Availability Zones are designed as an independent failure zone i.e. they are physically separated within a typical metropolitan region and are located in lower risk flood plains. Discrete Uninterrupted Power Supply (UPS) as well as onsite backup generation facilities are also provided by the independent substations along with the data centers situated in various Availability Zones, to reduce any risk of an event of the power grid impacting more than one Availability Zone.

Security & Compliance

Security

An AWS customer don't have to worry about managing the physical servers or storage devices, on the contrary, you can readily use software-based security tools to monitor as well as protect the flow of information into and out of your cloud resources. One of the advantages of the AWS Cloud is that it permits you to scale as well as innovate, while also maintaining a secure environment and paying only for the services you use i.e. you can have the required security that too at a lower cost than in an on-premises environment.

You can also get access to hundreds of tools as well as features by helping you to meet your security objectives by offering security-specific tools and features across network security, configuration management, access control, and data encryption. AWS environments are continuously audited with certifications from accreditation bodies across geographies and verticals where you can also take advantage of automated tools for asset inventory as well as privileged access reporting.   

Benefits of AWS Security

  • Keep your data safe- The AWS infrastructure keeps strong safeguards in place to help protect your privacy and all the data is stored in highly secure AWS data centers.

  • Meet compliance requirements- AWS is capable of managing dozens of compliance programs in its infrastructure i.e. the segments of your compliance have already been completed.

  • Save money- You can cut the costs with the help of AWS data centers by maintaining the highest standard of security without worrying about your own facility. 

  • Scale quickly- Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.   

Compliance

AWS Cloud Compliance allows you to understand the robust controls in place at AWS to maintain security as well as data protection in the cloud. As the systems are built on top of AWS Cloud Infrastructure, compliance responsibilities will be shared by tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs which considerably helps the customers to establish and operate in an AWS security control environment. 

The IT infrastructure that AWS offers to its customers is designed as well as managed in alignment with the best security practices and a variety of IT security standards and it also provides a wide range of information on its IT control environment whitepapers, reports, certifications, accreditations, and the other third-party attestations.  








To read part 1, please click here





     





























Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different groups of computers, re
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning of alert rule parameter
Read more

Design Planning (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Complex Organizational Structures SIEM can be an expensive security control, hence, it is common multiple businesses to contribute to the overall expense. Various organizational units may require a level of access to specific dashboards or sets of data. Microsoft Sentinel offers the ability to assign table-level permissions and limit the level of access to the minimum required to perform requisite job functions.  Role-based Access Control (RBAC) Requirements Microsoft Sentinel offers an extensive list of Azure built-in roles that can be used to provide granular access according to the job requirements and permitted level of access. Some of them are various Microsoft Sentinel dedicated roles: Microsoft Sentinel Contributor- Can perform all engineering-related configuration, such as creating alert rules, configuring data connectors, and additional similar tasks.  Microsoft Sentinel Reader- Can query the log data stor
Read more