Overview of the AWS Security Pillar
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
19 hours 19 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Transcription
00:00
>> Hey everybody and welcome back.
00:00
In this lecture we're going to be talking about
00:00
the overview of the AWS security pillar,
00:00
which is part of the Well-Architected Framework.
00:00
Learning objectives for this is going to be
00:00
to explain the Well-Architected Framework
00:00
and then we're going to highlight
00:00
the security pillar in particular,
00:00
because this module is going be about security.
00:00
I'm going go ahead and share my screen and
00:00
we'll walk through the next part here.
00:00
Here we are on AWS' websites.
00:00
I went ahead and jump straight to the security pillar,
00:00
but I'll take a step back and show you
00:00
the Well-Architected Framework page.
00:00
I highly recommend that
00:00
you review this because there's going be some questions
00:00
in your exam that is straight out
00:00
of this Well-Architected Framework.
00:00
There are six pillars to this,
00:00
you can find them by clicking any one of these.
00:00
You can do like the overview,
00:00
can read the abstract,
00:00
the introduction, you can see
00:00
the six different pillars here.
00:00
But if we go to security in
00:00
particular, so they have a whitepaper.
00:00
That whitepaper is what I always like to refer to.
00:00
Now, you're not going to see a lot of
00:00
questions directly from this.
00:00
In this example, you will see that in some of
00:00
the other exams but in this exam,
00:00
you do want to get familiar with this.
00:00
I do recommend reviewing it because it's going to give
00:00
you a pretty good idea of what
00:00
to look for and
00:00
what planning needs to go and
00:00
whenever you're doing your Cloud security.
00:00
But this is really good because it teaches you
00:00
security foundations, as you can see here,
00:00
shared responsibility model,
00:00
which we talked about in our course but this
00:00
gives you a breakdown of it and further detail.
00:00
The response to abuse and compromise,
00:00
which is important to know.
00:00
Sometimes people like to use
00:00
AWS resources to attack other people,
00:00
that is abusive and we don't want that to happen.
00:00
Here's AWS' policy on that,
00:00
which is a good thing to know.
00:00
Governance, which is very,
00:00
very important when you're dealing with the Cloud.
00:00
If this is your first time ever doing
00:00
anything in the Cloud and you're
00:00
managing information for your employees,
00:00
your customers, you're dealing with it for users abroad,
00:00
whatever the situation is,
00:00
there's always the chance that
00:00
you're dealing with some type of regulation
00:00
and you're going to want to make sure that you're
00:00
knowing what's ahead of you before you dive into this,
00:00
because there's some pretty hefty fines out
00:00
there and I do not want anybody to get penalized.
00:00
It's just good to get familiar with this.
00:00
There's also some other
00:00
which we'll be talking about here later in the module,
00:00
but there's also some other resources
00:00
that deals specifically with Cloud compliance.
00:00
You'll want to get familiar with that as well.
00:00
Here's how to operate your workloads securely.
00:00
This is just some really good information.
00:00
Remember, this is all security foundations.
00:00
As you get more mature,
00:00
you can move on to some of
00:00
the other specific security controls
00:00
like identity and access management,
00:00
detection infrastructure security data.
00:00
You can get the gist here.
00:00
Really that's just what I wanted to
00:00
take a second to walk you through.
00:00
If we were to summarize
00:00
Cloud security 101 at a high level,
00:00
this is what I would
00:00
consider some of the most important things.
00:00
I may be missing a few here,
00:00
but this is what I would say is
00:00
definitely going to be necessary across the board.
00:00
You're going to want to have
00:00
a strong identity foundation.
00:00
So you're going to want to make sure that you know
00:00
what is going on with identity and access management,
00:00
who has access to what you're auditing,
00:00
making sure that's nobody is being forgotten about,
00:00
like if somebody changes jobs
00:00
or somebody leaves the organization,
00:00
that you're cutting their access or you're changing
00:00
their access appropriately things like that.
00:00
You want to enable traceability.
00:00
You want to make sure that
00:00
all things that are done in the Cloud can be traced,
00:00
they can be logged,
00:00
they are documented, documentation is your friend.
00:00
You want to make sure you have defense in depth.
00:00
Apply security at all layers when
00:00
possible and I say
00:00
when possible because sometimes it's not always possible,
00:00
sometimes the organization and
00:00
their policies they prevent that from happening.
00:00
I won't go into the nitty-gritty
00:00
of that but if you're on the field,
00:00
don't be surprised if the organization's saying,
00:00
we don't want you to do that and you're thinking, well,
00:00
this is going to make you more secure and
00:00
they're saying, Yeah, but don't do that.
00:00
It happens and that's a reality of being in cybersecurity
00:00
that we all face and so you want to be realistic.
00:00
Apply security at all layers when possible.
00:00
Automating security,
00:00
that is the best thing you can do because we're human,
00:00
we make mistakes and to
00:00
avoid those mistakes that humans make,
00:00
automating it is honestly
00:00
the best thing because you only have
00:00
>> to get it right the
00:00
>> first time and then you can just automate that out
00:00
every single time you have to redo the redundant tasks,
00:00
like spinning up an EC2 instance.
00:00
You want to protect your data in transit and at
00:00
rest so make sure using encryption.
00:00
Key people away from data when possible,
00:00
so make sure you're using
00:00
privately secured S3 bucket and so forth,
00:00
and make sure that you have
00:00
a disaster plan in case there's some type
00:00
of security breach whenever those events happen
00:00
that you have a plan on how to handle it.
00:00
Those are the top tips that I have for Cloud security.
00:00
That about wraps up this lecture.
00:00
To summarize, we talked
00:00
about the Well-Architected Framework,
00:00
I showed you where that is,
00:00
if you don't know where to find it go to Google,
00:00
type in Well-Architected Framework,
00:00
AWS, it'll take you there.
00:00
Notice there are six different pillars.
00:00
There's one specifically for
00:00
security you can watch this video, navigate through it,
00:00
and you can find exactly what I was just showing
00:00
you on the security pillar for AWS.
00:00
In addition, we talked about
00:00
the secure design principles.
00:00
Your Cloud security tips 101.
00:00
If you want to know more about Cloud security,
00:00
there is a AWS certification on
00:00
that the AWS Security Specialty,
00:00
I recommend you go after that and try that one out,
00:00
see if that peaks
00:00
your interests and then continue on with it.
00:00
It's definitely something that
00:00
us architects tend to depend on quite heavily,
00:00
so I highly recommend that you get
00:00
familiar with it if that's the path you want to go down.
00:00
That about wraps up this lecture,
00:00
hope you found this helpful,
00:00
I'll see you in the next one.
Up Next
Working with AWS Shield
1h 33m
Similar Content
