Which of the design principles for security in the cloud is the architect applying

7 Design Principles of Cloud Security

The AWS Well Architected Framework (WAF) helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. It has 5 pillars — operational excellence, security, reliability, performance efficiency, and cost optimization.

The security pillar outlines 7 design principles:

• Implement a strong identity foundation: Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize identity management and aim to eliminate reliance on long-term static credentials.

• Enable traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to automatically investigate and take action.

• Apply security at all layers: Apply a defense in depth approach with multiple security controls. Apply to all layers (for example, edge of network, VPC, load balancing, every instance and compute service, operating system, application, and code).

• Automate security best practices: Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost-effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.

• Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.

• Keep people away from data: Use mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of mishandling or modification and human error when handling sensitive data.

• Prepare for security events: Prepare for an incident by having incident management and investigation policy and processes that align to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.

The above mentioned 7 principles should be applied to all 6 areas of security in the cloud:

• Foundations
• Identity and Access Management
• Detection
• Infrastructure protection
• Data Protection
• Incident Response

Leveraging the design principles outlined in this blog post ensures a strong security posture. Future blog posts will outline details on each of the design principles and how they are applied to the areas of cloud security.

Security, the second pillar of the AWS Well-Architected Framework, contains seven design principles. By adhering to these guidelines, you can increase the strength of your cloud security, and protect your data.

The design principles encompass the ideas of foundation, preparation, and automation.

1. Implement a Strong Identity Foundation

A strong identity foundation is critical to maintaining safe data. Utilise the principle of least privilege by allowing each team member the minimum amount of access necessary for their work.

You should also centralise your identity management and try to reduce using static credentials.

2. Enable Traceability

It’s easier to find problems when you have a pre-existing tracing system. By monitoring your workload and applications in real-time, you’ll also receive alerts at the exact moment when something breaks through your security.

3. Apply Security at All Layers

Every layer and level of your workload and applications should be secure. Just because it’s an internal system doesn’t mean it’s safe.

4. Automate Security Best Practices

Automation lessens the likelihood of human error. Automated security sweeps can be set to run at regular intervals, and will automatically alert the correct team member when there is a problem.

5. Protect Data at Transit and Rest

Your data should always be secure, even when it’s within your systems. Use a classification system that all team members understand, to determine what level of security your data needs.

Based on its classification, data should be secured using encryption, tokenisation, or access control. If you’ve automated your security best practices, your security system can sort the data itself.

6. Keep People Away from Data

In addition to the principle of least privilege, you should also use tools that help to lower the need for human access to data. Human error can cause security breaches or loss of data.

7. Prepare for Security Events

Prepare your systems and teams for a future security event. Following your organisational best practices, create an incident management and investigation policy. Train all team members in your response policy by running drills.

Schedule a Well-Architected Review
To ensure your data is as secure as possible, consider working with an AWS Well-Architected Partner. WOLK can identify any outstanding high-risk items and mitigate them for you.

Once you’ve completed a Well-Architected Review, you can continue to maintain the highest level of security possible by adhering to the seven design principles of the security pillar.