Crawl, walk, run: Accelerating security maturity in the AWS Cloud - AWS Prescriptive Guidance

Amazon Web Services (AWS)

December 2023

For many organizations, security is the number one priority and consideration when migrating to the cloud. Implementing cloud security capabilities and controls is not a one-time activity—it's an iterative model. You gradually increase your security posture and maturity as you increase cloud operations. For example, you might start with AWS managed policies and then, when your organization is ready, you can implement custom policies that follow the principle of least privilege.

This guide provides a roadmap for using a crawl, walk, run methodology to accelerate your organization's maturity in cloud security. It defines a step-by-step approach to automate security capabilities. It also pragmatically explains how to get the most functionality out of AWS services and features. This guide helps you understand the challenges and opportunities in the cloud and how to quickly move forward and achieve success with AWS.

A cloud journey requires building frameworks, managing and maturing operations, and optimizing processes. The following image shows the phases in each stage of the crawl, walk, run methodology: plan, build, assess, operationalize, mature, and optimize.

The six phases in the crawl, walk, run methodology for accelerating security in the AWS Cloud.

The crawl stage consists of planning, building the foundation, and assessing your current security posture. In the walk stage, you operationalize your people, processes, and technology, and then you mature your operations through tuning and measurement. The run stage consists of optimizing through assessment and automation.