Security is usually named as the second most important aspect of an IT system, right after its efficient operation. You can argue whether it should come first; the reality, however, is that few IT systems are as secure as the cloud (contrary to popular fears).
The cloud is secure because security underlies the design of every service: security by design. Security is a top priority for AWS. The AWS cloud enables unprecedented flexibility and quality of operation while giving full control over security and ensuring it in every aspect, through a number of available tools and services that are either securely configured by default or whose configuration always suggests the safest options.
When designing cloud infrastructures, Hostersi help customers create secure environments using best practices and a security by design approach. When migrating to the cloud, or when changing infrastructure that already exists in the AWS cloud, we apply the principles of extended security and ensure compliance with the Client's requirements. The main fields in which Hostersi support Clients in designing and maintaining secure systems:
Security engineering - security is a top priority at AWS. To maintain security at the highest level, it is important to plan for it from the moment the infrastructure in AWS is designed and built.
As part of security engineering, we focus on designing, implementing and maintaining AWS infrastructure, resources and software, as well as the tools used to secure them. Design decisions in the selection of solutions and in their implementation are the key aspects Hostersi take into account here.
Secure infrastructure management and automation - automation and CI/CD are the basic elements of any modern infrastructure and security strategy in the AWS cloud. This approach, often referred to as "DevSecOps" or "SecDevOps", aims to address security at the design stage of both the environment and the application, and it also covers how application developers approach security. Security-related tasks should be automated as code (IaC), regularly audited and free of human intervention wherever possible. This approach helps secure access to data, reduces errors and reduces maintenance costs by scaling limited human resources through code-level automation. With continuous delivery practices, security professionals can now respond to more incidents, investigate incidents more closely, and leave their organization better positioned to stay secure.
Management, Risk and Compliance - Hostersi also help customers create AWS cloud environments that comply with industry standards, undergo internal and external audits, and have obtained third-party certifications. The most popular of these are ISO 27001, PCI DSS, HIPAA and SOC. To ensure a high standard of service, Hostersi take care of the entire process of cooperation with the client, among other things by:
- having "on board" specialists holding the AWS Certified Security - Specialty certification,
- regular training of technical and sales staff, participation in trainings, meetings and sharing this knowledge with others,
- taking into account the best security practices already in the sales process and at an early stage of technical talks with the Client,
- a "security by design" design approach,
- formalized Statement of Work (SOW) used for all projects with the definition, requirements and objectives and their control,
- project management by the Project Manager controlling the proper course of the project and managing changes,
- appropriate cooperation with the Client, acceptance of design elements and examination of the level of satisfaction with the implemented solutions,
- applying the principles of the AWS Well-Architected Framework and auditing entire infrastructures against these principles, looking at all five most important areas, including security.
In projects, Hostersi use the AWS security services appropriate to the application, always with regard to the specifics of a given infrastructure, including:
- AWS Identity and Access Management (IAM)
- Amazon GuardDuty
- Amazon Macie
- Amazon Inspector
- AWS Config and AWS Config Rules
- AWS CloudTrail
- Amazon CloudWatch and AWS CloudWatch Events
- AWS Lambda
- AWS Key Management Service (KMS)
- AWS CloudHSM
- AWS WAF
- AWS Direct Connect
- AWS Shield and Shield Advanced
- AWS Secrets Manager
- AWS Certificate Manager
- Amazon Cognito
- AWS Single Sign-On
- AWS Firewall Manager
- AWS Security Hub
As part of designing secure solutions, we take care of, among others:
- use of templates in creating infrastructure (standard templated infrastructure provisioning),
- use of firewall, IDS, proxy and similar classes of solutions,
- designing a secure network including VPC, using multi-region redundancy,
- management of permissions, keys and passwords,
- resistance to DDoS attacks,
- centralization of management, logging of events, authentication, and monitoring and detection of incidents, alerts and events,
- change management with maintaining the history of changes,
- creating inventory and managing resources,
- automation at the CI/CD level,
- standardization and centralization of application deployment,
- use of AMI images,
- education of the client's developers in the indicated areas,
- detection, response, investigation and prevention of incidents 24/7/365,
- creating templates for responding to events and incidents,
- the use of playbooks in the creation of security standards established with the client.