AWS Cloud Solutions
Cyberteam Security Services uses AWS Amazon Web Services cloud-based security solutions for public, hybrid, and private clouds which include cloud access security brokers, cloud-resident data encryption schemes, and virtual perimeters for modern data centres and software-defined networks:
- Virtualisation and Cloud – Advances in virtual computing have driven growth in virtual data centres, software-defined networks, and cloud services.
- Cloud Compliance – The regulatory and compliance challenges associated with public clouds will ease across all industries in the coming years.
- Cloud Security Solutions – Effective techniques do exist for securing cloud services, including cloud access security brokers and micro-segmentation.
But several less obvious, but nonetheless consequential opportunities emerge with virtualisation, including the following:
- Data Centre Virtualisation – Racked hardware appliances with a physical top-of-rack switch are being replaced with virtual machines running over a
hypervisor-based operating system decoupled from the underlying hardware. The primary goals here are a simplification of East-West traffic, most of
which is between servers in a data centre, and cost reduction through hardware procurement savings. This has massive implications for cybersecurity
because East-West enterprise traffic will be controlled within the virtual data centre, rather than across the enterprise IP-based LAN.
- Software Defined Networking (SDN) – Traditional hardware/software infrastructure in wide area networks is being replaced with a software-defined
network (SDN) that is managed by an SDN controller reminiscent of the old signalling system found in circuit-switched networks. The SDN controller
provides many different advantages from a cybersecurity perspective for data centre and WAN managers. It is also becoming the new point of aggregation
for performing enterprise security functions such as IPS.
- Public, Hybrid, and Private Cloud Usage – Automated communication between programs over application programming interfaces (APIs) is the underlying technology driving the adoption of ubiquitous cloud services. A useful comparison of virtual data centres and the cloud is that the former involves humans and portal, whereas the latter involves workloads and APIs.
Cloud security products
- Cloud Security Brokers – These components reside between users and cloud systems to offer man-in-the-middle security services such as authentication
and logging. Usually, a broker is designed as a centralised architectural component, but security designers are increasingly trying to build virtual
edges that look more like a flexible perimeter than a man-in-the-middle mediation point.
- Cloud Data Security Solutions – This includes encryption support to protect sensitive data in cloud services, especially ones with public Internet
visibility. Overlaying encryption onto XaaS offerings is easier said than done because once the data is obfuscated by the cryptography, basic functions
such as search are often broken. CISO teams must exercise great care in the selection of a cloud data security solution, focusing on the assurance
that critical tasks such as forensics, eDiscovery, and the search can be performed in the presence of overlay security such as encryption or data masking.
- Cloud Workload Protection – These solutions offer perimeter and enterprise-type protections for the cloud workload, either as a micro-segmented perimeter
or as an embedded root agent to detect integrity issues. As illustrations, micro-segments are supported through NSX in VMware environments and Security Groups
in OpenStack implementations.
- Application-Specific Cloud Protection – These solutions target specific SaaS applications such as Salesforce. Increasingly, applications are being virtualised into the cloud with open interfaces in order to encourage the cybersecurity community to write protections that can be integrated with the open application.
The AWS cloud solutions information shown above is mostly generic and based on best-practice, therefore to get a better understanding on what we can do for your business, all we ask is that you contact us to discuss your cybersecurity AWS cloud solutions needs to protect your IT systems and data.
Click here to contact us