Best practices

Definition

Before you architect any system, you must put in place practices that integrate security as a foundation, and control who can do what. You also want to identify security incidents, protect your systems, and maintain the confidentiality and integrity of data through data protection. You should have well-defined and practiced processes for responding to security incidents. These tools and techniques are important because they support objectives such as protecting health data and complying with regulatory obligations.

The AWS shared responsibility model enables organizations that adopt the cloud to achieve their security and compliance goals. Security and compliance is a shared responsibility between you and AWS. This shared model can help relieve your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of service facilities. Your organization assumes responsibility and management of the guest operating system (including updates and security patches) and other associated application software, as well as the configuration of the AWS provided security group firewall. Carefully consider the cloud services you adopt, as your responsibilities vary depending on the services used, and applicable laws and regulations. This differentiation of responsibility is commonly described as AWS assumes security of the cloud, and your organization assumes security in the cloud.