More and more companies understand the benefits of cloud computing, and their migration to the cloud is accelerating as a result. Per IDG’s 2020 Cloud Computing Study, 81% of organizations said they have moved at least one application or a portion of their infrastructure to the cloud. The reasons a company shifts its services to the cloud depend on its business priorities, of course, but the general ones are 1) cost savings, 2) reliability, 3) scalability, and 4) flexibility.

Even so, organizations must implement the necessary security controls once they have migrated to the cloud. This whitepaper focuses on the cloud-native security controls offered by Amazon Web Services (AWS), one of the most widely used public cloud infrastructure providers today. The controls described under Network Security and under Endpoint and Services Security help security engineers protect their AWS infrastructure and keep its services functioning as intended.

Let’s break them down below.

AWS Organizations and VPC

AWS infrastructure is organized to keep services close to their users and to give organizations higher uptime. A region is a geographical area in which AWS operates its physical data centers. Each region contains several Availability Zones (AZs), and each AZ consists of one or more isolated data centers with independent power, networking, and connectivity, so a failure in one AZ does not take down the others. A company typically runs multiple AWS accounts for different projects or environments, and it may use AWS services across several regions. Those accounts can be managed separately, or they can be grouped, controlled, and monitored centrally under AWS Organizations, where service control policies (SCPs) set the maximum permissions any member account can use.

Amazon VPC, a logically isolated virtual network in the AWS cloud, is the foundation of an AWS environment. Organizations build virtual networks within it, launch infrastructure resources into it, and achieve high availability by dividing the VPC into multiple subnets and placing servers in several AZs. Each subnet, in turn, is associated with a route table that controls traffic between the subnet and other …
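As an added example (this is not code from the whitepaper or from AWS), the following Terraform lays out the pieces described above: one VPC spanning two AZs with a public and a private subnet in each, a route table that exposes only the public subnets through an internet gateway, and an AWS Organizations service control policy that confines the workload accounts to approved regions. The provider region, the CIDR ranges, the approved-region list, the resource names and the `workloads_ou_id` variable are all assumptions to adapt to your own organization.

```hcl
# Added example, not from the whitepaper: one VPC spanning two Availability
# Zones with a public and a private subnet in each, plus an AWS Organizations
# service control policy (SCP) that confines member accounts to approved
# regions. Region, CIDR ranges and the OU id are assumptions to adapt.

provider "aws" {
  region = "eu-west-1" # assumed home region
}

data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  vpc_cidr = "10.20.0.0/16" # assumed; must not overlap VPCs you later peer with
  azs      = slice(data.aws_availability_zones.available.names, 0, 2)
}

resource "aws_vpc" "main" {
  cidr_block           = local.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "prod-vpc" }
}

# One public and one private /24 per AZ, carved from the /16 with cidrsubnet():
# netnums 0-1 for public, 10-11 for private, indexed by AZ position.
resource "aws_subnet" "public" {
  count                   = length(local.azs)
  vpc_id                  = aws_vpc.main.id
  availability_zone       = local.azs[count.index]
  cidr_block              = cidrsubnet(local.vpc_cidr, 8, count.index)
  map_public_ip_on_launch = false # hand out public IPs deliberately, never by default
  tags                    = { Name = "public-${local.azs[count.index]}" }
}

resource "aws_subnet" "private" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.main.id
  availability_zone = local.azs[count.index]
  cidr_block        = cidrsubnet(local.vpc_cidr, 8, 10 + count.index)
  tags              = { Name = "private-${local.azs[count.index]}" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Only the public subnets are associated with a route table that has a default
# route to the internet gateway. The private subnets stay on the VPC's main
# route table, which by default carries only the implicit local route, so
# nothing placed in them is directly reachable from the internet.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

variable "workloads_ou_id" {
  type        = string
  description = "Organizational unit holding the workload accounts (assumed input)"
}

# Organizations SCP: deny every action outside the approved regions. Global
# services whose API calls are attributed to us-east-1 (IAM, STS, Organizations,
# CloudFront, Route 53, Support) are exempted via NotAction so they keep working.
resource "aws_organizations_policy" "region_restriction" {
  name = "DenyUnapprovedRegions"
  type = "SERVICE_CONTROL_POLICY"
  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyOutsideApprovedRegions"
      Effect    = "Deny"
      NotAction = ["iam:*", "sts:*", "organizations:*", "cloudfront:*", "route53:*", "support:*"]
      Resource  = "*"
      Condition = {
        StringNotEquals = { "aws:RequestedRegion" = ["eu-west-1", "eu-central-1"] } # assumed
      }
    }]
  })
}

resource "aws_organizations_policy_attachment" "workloads" {
  policy_id = aws_organizations_policy.region_restriction.id
  target_id = var.workloads_ou_id
}
```

Two caveats a practitioner should keep in mind when applying this. The Organizations resources must be applied with credentials from the management account (or a delegated administrator) with SCPs enabled, and an SCP never grants permissions and never applies to the management account itself; it only caps what IAM policies in the member accounts can allow, so IAM policies are still required inside each account. Second, a private subnet with only the local route has no path out at all, so workloads there that need to reach the internet (for package updates, for example) will need a NAT gateway in a public subnet and a separate private route table pointing at it, rather than a default route to the internet gateway.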