At the end of July 2019, the number of AWS services with a dedicated chapter on security in the documentation included 70 items, and currently, it is over 150 services.
Why is it so important to know the security related to the implemented service? The description prepared by AWS applies to both the built-in and configurable security features of a given service. AWS introduced special chapters in its documentation, which, based on the collected information, were created at the request of customers. They describe in a simple and detailed way the security of the cloud and in the cloud, taking into account the model of shared responsibility for each of the services. They allow not only programmers but also security, risk management, compliance and product teams to evaluate the service before its implementation and obtain a complete picture of its operation, including a catalogue of all updates if such verification is also necessary.
In addition to compliance with the shared responsibility model, the chapters also contain information in the context of the Cloud Adoption Framework from AWS. Thanks to this, it is possible to verify a given service in such areas as:
- Data protection.
- Identity and access management.
- Logging and monitoring.
- Conformity validation.
- Infrastructure security.
- Configuration and vulnerability analysis.
- Best Security Practices.
Another important issue is the compliance of services with the safety and quality standards in individual industries. This extended description enables customers to evaluate services based on solutions they already use and to evaluate before embarking on the cloud adoption process.
A growing practice is the creation of internal Cloud Centre of Excellence, which aims to securely deploy cloud services on a large scale. These are expert teams with in-depth knowledge of cloud operations and actively contribute to the cloud transformation of businesses.
The information in the security chapters is used as a key input to improve cloud management and help balance flexibility and innovation while maintaining security when implementing new services.