Security Models
Principle of least privilege
- It requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks.
- The principle also helps to confine damage due to any accident, error or unauthorized use.
Defense in Depth
- It requires layering security devices in a series that protects, detects, and responds to attacks on systems.
AWS Shared Responsibility Model
As per the model, AWS is responsible for the security of the cloud computing systems as a whole, and the customer is responsible for the security of their instances and AWS account.
- AWS Global Infrastructure: AWS provides cloud infrastructure at regional and edge zones with the requisite physical security protection and IT maintenance, in compliance with operational and security standards.
- AWS Software (Computation, Storage, Database, Networking): Amazon guarantees a secure software platform across all of its service offerings. AWS also provides various security services for users, like provisioning of
- encryption keys
- network monitoring tools
- database protection
AWS Security by Design (SbD)
SbD outlines
- control responsibilities
- automation of security baselines
- configuration of security
- customer audit of controls for AWS customer infrastructure, operating systems, services and applications running in AWS.
- AWS recommends a four-phase approach:
- Phase 1 – Understand your requirements. Outline your policies and document controls inherited from AWS.
- Phase 2 – Build a secure environment that fits requirements and implementation.
- Phase 3 – Enforce the use of the templates.
- Phase 4 – Perform validation activities.
Well-Architected Framework
The Well-Architected Framework by Amazon helps users to build secure, high-performing, resilient, and efficient infrastructure for their applications. It is based on five pillars of cloud architecture design principles:
- operational excellence
- security
- reliability
- performance efficiency
- cost optimization