Why Would you need this service?

  • Properly secured environment leads to a compliant one;
  • Higher level of security at scale;
  • Cyber attacks are becoming more sophisticated. AWS has the resources to identify and counteract them before they cause damage.

How we deliver this service

1Tech will do a security risk assessment for your IT infrastructure that is not hosted with AWS, and will work to understanding of the strengths and weakness of your organisation’s information security controls prioritised by business impact which will provide a holistic view of information security controls and the understanding of information security risks that need to be mitigated;

Our risk assessments and mitigation strategies will consider

  • Identity and Access Management (IAM): only authorised, authenticated users to access resources in the way you intend;
  • Detective controls – identify potential security incidents are these being captured, logged and analysed;
  • Infrastructure protection: against unintended access – create network boundaries & gateways;
  • Data Protection: data classification, encryption (@rest or in transit), backups, replication & recovery;
  • Incident response: process to respond & mitigate potential incidents. Needs timely investigation to mitigate threats.

Architecture design principles for security:

  • Implement security at all layers. For on prem security only considered at the perimeter. In AWS is possible to implement security between resources so that are secure from each other;
  • Enable traceability – all changes logged;
  • Apply the principle of least privilege – access as appropriate;
  • Automate security best practice – automate routine & security events.

Deliverables

  • A detailed report on your current security risks and recommendation on how to correct these

Recommended AWS Cloud Security services:

  • Amazon CloudFront – a content delivery network (CDN) that provides a network of globally distributed proxy services which cache content for local access. Deeply integrated with KEY AWS services like WebApp Farrell;
  • Amazon Inspector – an automated assessment service for Apps on AWS. It provides security teams visibility into security testing during development and helps ensure that security compliance is being followed. This service allows you to define standards and best practice for you applications and ensures that these are enforced;
  • AWS Security compliance in cloud environment includes industry certifications, publishing security control practices and compliance reports;
  • AWS Data Protection services help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
  • AWS Identity Services enable you to securely manage identities, resources, and permissions at scale.With AWS, you have identity services for your workforce and customer-facing applications to get started quickly and manage access to your workloads and application
  • AWS protects web applications by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting.
  • Threat detection & continuous monitoring – AWS identifies threats by continuously monitoring the network activity and account behaviour within your cloud environment. AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organisation follows.

Benefits/ Typical Outcomes

  • Reduced security risk as AWS cloud enables you to test often, patch quickly , respond to incidents fast;
  • Quick response to changing market conditions means its scalable, agile, innovative;
  • AWS pre-developed services can be quickly assembled as building blocks so it’s possible to automate software delivery and create security compliance guardrails;
  • Protection against DDoS;
  • Reliable security patching and updates;
  • Physical security that you could not match;
  • Data encryption by default;
  • Cost effective.

Need help with your project?