Choosing a security model - AWS Prescriptive Guidance

Choosing a security model

You can choose from various security models or approaches for AWS. The choice of approach and the best-fitting model depends on your audience, the target business outcomes, and the overall business process. It is possible to use a blend of multiple models.

The following are a few common models, each described in its own section below:

  • Architectural model (the AWS Security Reference Architecture)

  • Maturity model (the AWS Security Maturity Model)

  • Governance model (Cloud Foundation on AWS)

Each model has its own set of benefits and drawbacks. It is important to consider which approach is best suited for your organization. Involve security professionals early in the process of modernizing your infrastructure and adopting cloud strategies. The model you choose has a significant impact on the roles and responsibilities within your organization.

Architectural model

The following image shows the AWS Security Reference Architecture. This architectural approach provides a blueprint for a security model. It is best suited when you are engaging with technical teams within your organization, because it sets an ideal future-state goal for the environment. It also aligns with many compliance frameworks and with AWS's own frameworks.

An architecture diagram of the AWS Security Reference Architecture

Advantages of the architectural model:

  • Aligns with Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance Common Security Framework (HITRUST CSF) requirements

  • Provides an architectural perspective

  • Aligns to cloud strategies and guidance for large enterprises

  • Aligns with the AWS Cloud Adoption Framework (AWS CAF)

  • Aligns with the AWS Well-Architected Framework

Disadvantage of the architectural model:

  • Is technology-focused rather than business-focused

Maturity model

The AWS Security Maturity Model approach focuses on managing and reducing risk by prioritizing the implementation of security measures, so that the highest-risk gaps are addressed first. This approach is well-suited for security directors and CISOs, but it is not business-focused.

Advantages of the maturity model:

Disadvantages of the maturity model:

  • Is technology-focused rather than business-focused

Governance model

The Cloud Foundation on AWS model uses a governance, risk management, and compliance (GRC) approach to help organizations meet security and compliance requirements. It defines the overall policies that your cloud environment should follow. The capabilities within this model help you define action items, define your risk appetite, and align your internal policies with the cloud environment.

The aspects of the Cloud Foundation on AWS governance model.

The Cloud Foundation model is a capability and governance guide that helps you build and evolve your AWS Cloud environment. It is based on a set of definitions, scenarios, guidance, and automations. The guide includes the people, process, and technology aspects of establishing an AWS Cloud environment. It covers six categories of capabilities that are essential for a cloud foundation:

  • Governance, risk management, and compliance

  • Operations

  • Security

  • Business continuity

  • Finance

  • Infrastructure

The guide also provides examples, timelines, and further reading for each capability.

Advantages of the governance model:

  • Has a broad technology focus

  • Is designed for reliability

  • Uses an operational approach

Disadvantage of the governance model:

  • Is technology-focused rather than business-focused