Return to Well-Architected Framework Guide
- Apply overarching best practices to every area of security
- Stay up to date with AWS and industry recommendations and threat intelligence
- Automate security processes, testing, and validation
- Ask:
- How do you securely operate your workload?
Identity and Access Management
- Ensure only authorized and authenticated users and components are able to access resources, and only intended manner
- Define principals (accounts, users, roles, and services that can perform actions in your account)
- Build out policies aligned with these principals, and implement strong credential management
- Apply least-privileged access approach
- Ask:
- How do you manage identities for people and machines?
- How do you manage permissions for people and machines?
- Use detective controls to identify potential security threats or incidents
- Use internal auditing to ensure that practices meet policies and requirements
- Set automated alerting notifications based on defined conditions
- Ask:
- How do you detect and investigate security events?
- Control methodologies necessary for best practices and organizational or regulatory obligations
- Implement stateful and stateless packet inspection
- Use Amazon Virtual Private Cloud (Amazon VPC) to create a private, secured, and scalable environment
- Enforce boundary protection
- Monitor points of ingress and egress
- Engage in comprehensive logging, monitoring, and alerting
- Ask:
- How do you protect your network resources?
- How do you protect your compute resources?
- Use data classification to categorize organizational data based on levels of sensitivity
- Encrypt data and manage keys, including regular key rotation
- Perform detailed logging that contains important content, such as file access and changes
- Use versioning to protect against accidental overwrites, deletes, and similar harm
- Ask:
- How do you classify your data?
- How do you protect your data at rest?
- How do you protect your data in transit?
- Put processes in place to respond to and mitigate the potential impact of security incidents
- Routinely practicing incident response through game days
- Ensure that you have a way to quickly grant access for your security team
- Practice the following:
- Detailed logging
- Automate event processing and response
- Pre-provision tooling and a “clean room” to carry out forensics in a safe, isolated environment
- Ask:
- How do you anticipate, respond to, and recover from incidents?
Top comments (0)