Amazon Web Services
We spent the better part of two years on the Amazon Web Services platform. It is amazing in some ways, and they have much more responsive technical
Support than either Google Cloud Platform or Microsoft Azure for smaller consulting firms like us. It doesn’t make any sense to present the category for platforms without including AWS.
The AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). A Region is a physical location in the world where we have multiple AZs. AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. These AZs offer you the ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center. The AWS Cloud operates 42 AZs within 16 geographic Regions around the world, with five more Availability Zones and two more Regions coming online in 2017. Each Amazon Region is designed to be completely isolated from the other Amazon Regions. This achieves the highest possible fault tolerance and stability. Each AZ is isolated, but the AZs in a Region are connected through low-latency links.
AWS provides you with the flexibility to place instances and store data within multiple geographic Regions as well as across multiple Availability Zones within each Region. Each Availability Zone is designed as an independent failure zone. This means that Availability Zones are physically separated within a typical metropolitan region and are located in lower-risk floodplains (specific flood zone categorization varies by Region). In addition to discrete uninterruptable power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. AZs are all redundantly connected to multiple tier-1 transit providers.
Cloud security at AWS is the highest priority.5 As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Security in the cloud is much like security in your on-premises data centers—only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and of out of your cloud resources.
An advantage of the AWS Cloud is that it allows you to scale and innovate, while maintaining a secure environment and paying only for the services you use. This means that you can have the security you need at a lower cost than in an on-premises environment. As an AWS customer, you inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers. Get the flexibility and agility you need in security controls.
The AWS Cloud enables a shared responsibility model. While AWS manages the security of the cloud, you are responsible for security in the cloud. This means that you retain control of the security you choose to implement to protect your own content, platform, applications, systems, and networks no differently than you would in an on-site data center. AWS provides you with guidance and expertise through online resources, personnel, and partners.
AWS provides you with advisories for current issues, plus you have the opportunity to work with AWS when you encounter security issues. You get access to hundreds of tools and features to help you to meet your security objectives. AWS provides security-specific tools and features across network security, configuration management, access control, and data encryption.
Finally, AWS environments are continuously audited, with certifications from accreditation bodies across geographies and verticals. In the AWS environment, you can take advantage of automated tools for asset inventory and privileged access reporting. Benefits of AWS Security
- Keep Your Data Safe: The AWS infrastructure puts strong safeguards in place to help protect your privacy.
- All data is stored in highly secure AWS data centers.
- Meet Compliance Requirements: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.
- Save Money: Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility
- Scale Quickly: Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
AWS Cloud Compliance enables you to understand the robust controls in place at AWS to maintain security and data protection in the cloud.6 As systems are built on top of AWS Cloud infrastructure, compliance responsibilities will be shared. By tying together governance focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs. This helps customers to establish and operate in an AWS security control environment.
The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27018
AWS provides customers a wide range of information on its IT control environment in whitepapers, reports, certifications, accreditations, and other third-party attestations. More information is available in the Risk and Compliance whitepaper7 and the AWS Security Center.
Amazon Web Services
Cloud Platform AWS consists of many cloud services that you can use in combinations tailored to your business or organizational needs. This section introduces the major AWS services by category. To access the services, you can use the AWS Management Console, the Command Line Interface, or Software Development Kits (SDKs). AWS Management Console Access and manage Amazon Web Services through the AWS Management Console, a simple and intuitive user interface. You can also use the AWS Console Mobile App to quickly view resources on the go.AWS Command Line Interface
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. Software Development Kits Our Software Development Kits (SDKs) simplify using AWS services in your applications with an Application Program Interface (API) tailored to your programming language or platform.