Monday, 21. April 2014

Optimizing Security for AWS

I recently hosted a webinar on optimizing security for AWS. The goal of the webinar was to help raise awareness of how security changes as you move to the AWS Cloud. I strongly believe that if you’re aware of the changes, you can actually build a stronger security posture for your deployments.

Securing the cloud

The webinar runs for about an hour and is now available online if you’d like to watch it on demand.

The growing impact of the cloud on IT operations

When speaking with clients, I usually see three phases of cloud adoption:

•  Forklift of existing infrastructure
•  Add high availability
•  Restructure for resiliency


I could make a cheesy reference to how far you’ll go on this path, but for everyone’s sake, I’ll refrain from doing so.

It’s important to understand this progression, as there are significant changes to your IT operations with each step. Not every organization takes this path, but it’s definitely a common migration strategy when you don’t have the luxury of starting in the cloud.

Forklift existing infrastructure

The quickest and easiest method of getting into the AWS Cloud is to simply forklift your existing deployment. This is a one-for-one match in AWS of what you have in production today.

While this works and can save you a bit of money, it doesn’t really get you ahead of the game. You’ve just removed the pains of managing your own hardware. That’s nice, but it’s also the cloud equivalent of taking the kids to school in your Ferrari. You’re ignoring a lot of power.

Adding high availability

The next phase adds high availability to your deployment. Most organizations are hesitant to deploy all of their data center systems in highly available configurations. Rightly so, as it typically means a doubling of costs and management overhead.

In a dynamic environment like the AWS Cloud, that’s no longer the case.

Within the cloud, you can deploy highly available systems in a traditional manner (deploying systems in pairs or clusters) or in a responsive manner. A responsive design ensures that the system scales in response to the demands of its users.

Restructure for resiliency

Once a team has reached a level of comfort with the AWS Cloud, they start to redesign and restructure their deployments for resiliency.

Resilient designs:

•  scale in response to the demands of their users
•  are tolerant of multiple system failures
•  recover automatically


In a traditional environment, it is extremely difficult to achieve these goals. In the AWS Cloud, these are quickly becoming the new “normal.” AWS even provides sample designs for the most common application types which exhibit these features.

Securing these designs

You may only just be starting down this path; maybe you’re closer to the finish. The good news is that the steps you need to take to fulfill your responsibilities under the shared responsibility model for security don’t change.

Watch the webinar to understand the fundamental aspects of the approach and types of tools that will help you grow along this path to cloud adoption.