“All that is outside of you can be subtracted at any time, just what’s inside of you is safe”. This is a quote from the British ghostwriter Jeanette Winterson. What is true for people is even more true for companies, especially those that work in the internet world.
Cloud security is a particularly debated and controversial issue. Managers and entrepreneurs are asking a lot of questions about it:
- Where does my data go?
- How do I keep my data safe?
- What does it cost to set up an “impregnable fortress”?
Amazon Web Services, the leading cloud provider, makes security an absolute priority. How? With a data center and network architecture designed to satisfy the most demanding companies, AWS allows its customers to recalibrate resources. And not only that: customers pay only for the services they use.
AWS has a benefit: data is stored in highly secure, cutting-edge data centers, which makes it possible to guarantee high levels of privacy at a lower price. Let's now look at the privacy protection services that AWS provides to its customers:
- Network firewalls integrated into Amazon VPC and web application firewall capabilities in AWS WAF that allow you to create private networks and control access to instances and applications;
- Encryption in transit with TLS on all services;
- Connectivity options that allow private or dedicated connections from the office or business environment.
The most frequent question is: where does my data go?
What is certain is that it doesn’t dissolve in the clouds. AWS data centers have been designed to provide solid protection for customers’ privacy. All data is stored in highly secure data centers that staff cannot enter. The data centers are spread across 49 availability zones distributed in 18 geographical regions all over the world. A new expansion plan has been announced: with 12 new availability zones and 4 additional regions in Bahrain, Hong Kong, Sweden and a second AWS GovCloud region in the US, the storage space will be “infinite”. In addition, with AWS it’s possible to choose the physical region in which data is stored.
All this without losing sight of your data, thanks to tools that let you keep the AWS environment under control. How? With enhanced visibility into API calls through AWS CloudTrail, log aggregation options, and alert notifications from Amazon CloudWatch. AWS also allows you to define, apply and manage user access policies across all AWS services.
But now we come to responsibility. It is a single word that can be scary, but not under the AWS philosophy, which is based on shared responsibility. This model has a double utility: it relieves customers of operational burden, because AWS takes care of protecting the global infrastructure on which all services run, while the customer is responsible for the guest operating system (including security updates and patches), other application software and the configuration of the security group firewall provided by AWS. In general, almost all AWS services require the customer to perform certain configuration and security management tasks, according to the public white paper on the AWS portal. As the image shows, customers know exactly which area is their responsibility and which is the provider's.
Despite all the efforts of AWS (and ours) to explain the concept of Shared Responsibility as well and as simply as possible, Kate Turchin has surely beaten the competition, explaining it all in only 1:54 minutes, and in her own way …
And in case of DDoS attacks? Some figures scare insiders: in 2017, 7.5 million attacks were launched. We are talking about 57% of companies and 45% of data center operators whose Internet bandwidth was saturated in the last year. In 56% of cases, the financial impact of the attacks was calculated at between 10,000 and 100,000 dollars. AWS customers benefit from services and technologies designed to resist DDoS attacks.
But that’s not all. AWS offers the opportunity to add a layer of security to data at rest in the cloud, providing scalable and efficient encryption features. These include the following:
- Data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift;
- Flexible key management options, including AWS Key Management Service;
- Hardware-based dedicated key storage using AWS CloudHSM to improve compliance;
- Finally, AWS provides APIs that integrate encryption and data protection with any services developed or deployed in the AWS environment.
At this stage, it’s necessary to put yourself in the right hands, relying on cloud professionals able to provide assistance and, why not, solutions. We have been doing this for 10 years; we were born with Cloud Computing and we know all its secrets. But above all we are a company and we stand on the company’s side, so we remain at your disposal for any doubts and/or further requests.
Data is the key to the success of an application deployment in the cloud.
The migration assessment and planning process must highlight the physical limitations inherent in migrating data from the local environment to the cloud.
We put at your disposal the experience and expertise of our Cloud Architects and SysOps, highly specialized in managing the AWS suite of tools, who will simplify every operation.
If you need a Cloud Migration for your business, the staff of VMEngine will be at your disposal.