QA | 1 October 2015
Introducing Security Operations on AWS
Security is one of the most important issues to consider when moving to the cloud, and it affects the work of everyone from architects to developers to system operators. So it’s not surprising that it comes up a lot during AWS courses, both in the slides and in delegate questions. This week saw the release of the new dedicated “Security Operations on AWS” course (AMWSSEC), so let’s take a quick look at it.
It’s a three-day course, and it’s targeted at security professionals (security architects, security engineers, security analysts, security auditors) as well as anyone who needs to gain a knowledge of how security works on the AWS platform. The course assumes no particular prior knowledge of AWS services.
One of my concerns when I first heard about this course was that it would be too basic for delegates who have attended other AWS courses. Obviously, there has to be some overlap with other courses, since core services such as Identity and Access Management (IAM) and Virtual Private Cloud (VPC) are enormously relevant for all AWS users, not just for security professionals. Trying to have no overlap at all would result in a very strange course. However, I’m pleased to report that my fears were unfounded. The combination of approaching the services from a different angle and covering the security implications of each service in much finer detail means that this course has lots of value even for those who have plenty of experience with AWS.
More about the course
As with the other blogs in this series, I’d like to tell you a bit about the content, add some detail to what’s in the official course outline and generally give you a feel for the course. Please understand that AWS frequently release new versions of courseware, each delivery is different, and this blog will surely be outdated after a while, so please don’t treat these details as contractual – contact us if you want to know the current state of play. That said, the content currently looks roughly like this:
- Introduction to Cloud Security. This module lays the groundwork, discussing common security concerns, introducing the shared security model, and outlining a compliance framework that will be used for the rest of the course.
- Security of the AWS Cloud. This module introduces the AWS global infrastructure and Amazon’s side of the shared responsibility model.
- Cloud Aware Governance and Compliance. This introduces some common governance, risk and compliance frameworks (e.g. PCI DSS, HIPAA), and discusses governance models for AWS and building compliant infrastructure on AWS.
- Identity and Access Management. This covers accounts, identity management, access control, least privilege, and all the other features of the AWS IAM service.
- Securing AWS Infrastructure Services part 1. This module, and the four which follow it, take a deep dive into the security features and security-related design considerations that apply to specific AWS services. In this module, we cover EC2, EBS and VPC.
- Securing AWS Infrastructure Services part 2. Continuing our service-level security discussion, this module covers ELB, Route 53, Storage Gateway and Import/Export.
- Securing AWS Container Services. This module looks into security for RDS, CloudFront, Redshift, Elastic Beanstalk and EMR.
- Securing AWS Abstracted Services. The last of the service-level security modules. This covers S3, Glacier, DynamoDB and CloudFormation.
- Using AWS Security Products part 1. The CloudTrail, CloudWatch, SNS and SQS services can be used to build security functionality – auditing, tracing, logging, etc. In this module, we go into the details of those services.
- Using AWS Security Products part 2. This module covers yet more AWS services that exist to help you secure your cloud infrastructure: AWS Config, Service Catalog, KMS, CloudHSM and Trusted Advisor.
- Data Protection in the Cloud. Data protection regulations vary by country, but typically require securing access to data, and encryption of data in-flight and at rest. In this module, we discuss how to protect data in the AWS cloud.
- Building Compliant Workloads on AWS. This module walks through some typical use cases, showing how AWS services can be leveraged to meet the security requirements of each.
- Security Incident Management in the Cloud. The last module covers incident response management in the cloud, how it differs from traditional on-premises incident response, and how to plan an incident response strategy.
The course also contains eight hands-on labs, in which delegates can explore the capabilities of some of these services, including KMS, Service Catalog and AWS Config. I think this is an exciting course that fills an important gap in the AWS curriculum, and I think that our customers will find it packed with valuable information. If you’d like to know more, please give us a call.