Amazon Web Services (AWS) has been the world's most comprehensive and broadly adopted cloud platform for 10 years and offers more than 70 fully featured services across 13 geographic regions. In fact, an increasing number of enterprises are utilizing AWS: According to ChannelE2E, AWS' market share is more than three times higher than that of its closest rival.
As more companies move mission-critical applications to AWS, the need to secure these apps has never been more crucial. To leverage AWS in a way that rivals or exceeds the protection afforded in an on-premises environment, it is important to start with an understanding of the roles of both the customer and AWS in the Shared Responsibility Model. In this model, while AWS manages security of the cloud, customers manage the security of applications and workloads in the cloud, no differently than they would for applications and workloads in an on-premises data center.
However, this delineation isn't black and white, and there is a substantial overlap of responsibilities in terms of data. AWS is responsible for sharing security-relevant data, while the customer is responsible for gleaning insights from it. The optimal relationship is a team dynamic, where both sides recognize this overlap and work effectively together.
The key to developing a more effective security implementation is to choose a security solution that is designed to work as a "team" with AWS, particularly with the log and data streams provided by AWS. There are three critical parts of the solution. First, data from AWS must be easily integrated into the security solution. Second, the solution needs to deliver instant security insights from that data. Third, the solution must provide comprehensive security across AWS and the customer's on-premises environment to prevent silos and fractured visibility.
Working as a team with AWS means that the solution must integrate with services such as AWS CloudTrail, AWS Config, Amazon Inspector and Amazon VPC Flow Logs and convert their raw data into security reports and dashboards that offer real-time security insights. The customer is then responsible for resolving any security risks or potential issues identified by the reports and dashboards.
In addition, a security solution must support fast identification of threats. By providing dashboards and reports, the solution can reduce time to protection and issue resolution. Ideal security solutions reduce the time to remediate threats or security issues by eliminating the substantial time and resources that would be required for a security operations team to build, evolve and implement dashboards and reports in-house.
Securing workloads and applications on AWS requires that the AWS data and the customer solution work together seamlessly. AWS does an excellent job of providing the key security-relevant data within the Shared Responsibility Model to help safeguard the customer's environment. However, it is critical that customers choose the right solution to work with AWS to provide complete protection.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2016 Splunk Inc. All rights reserved.