AWS, AWS Interview Question

How can you secure your data in the AWS Cloud?

In on-premise data center , data is in customer own control at physical storage and logical level . We can implement any security tools for our own convenient . But in cloud its not the same case , you will not get deep control on it . So you have to plane well to ensure data security.

The following points will help to increase security measure on your data stored in AWS cloud.

Encrypt the data . You can use your own custom tool or you can use AWS Default encryption option with volume.Use data encryption in transition.

 IAM policies, which can be used to restrict users, groups and roles from altering settings, and to also provide the ability to access buckets and EBS volumes.

AWS Key Management Service (KMS) or AWS Cloud Hardware Security Modules (HSM).

Implement S3 bucket policies; these are bucket level policies that can be used to restrict access to buckets. Block all public access to aws S3 bucket directly . You can enable in secure way to use your S3 bucket securely for public access.

Use well defined OS level access permissions for data in disk and share drives. Ex Use selinux policies and AD level access for groups.

Use third party data protection ,access tools like CA siteminder eTrust

Implement DB level user/access .


Leave a Reply