Security Foundations - AWS Well-Architected Framework

Security Foundations

SEC 1  How do you securely operate your workload?

To operate your workload securely, you must apply overarching best practices to every area of security. Take requirements and processes that you have defined in operational excellence at an organizational and workload level, and apply them to all areas. Staying up to date with AWS and industry recommendations and threat intelligence helps you evolve your threat model and control objectives. Automating security processes, testing, and validation allow you to scale your security operations.

Best Practices:

  • Separate workloads using accounts: Organize workloads in separate accounts and group accounts based on function or a common set of controls rather -than mirroring your company’s reporting structure. Start with security and infrastructure in mind to enable your organization to set common guardrails as your workloads grow.

  • Secure AWS account: Secure access to your accounts, for example by enabling MFA and restrict use of the root user, and configure account contacts.

  • Identify and validate control objectives: Based on your compliance requirements and risks identified from your threat model, derive and validate the control objectives and controls that you need to apply to your workload. Ongoing validation of control objectives and controls help you measure the effectiveness of risk mitigation.

  • Keep up to date with security threats: Recognize attack vectors by staying up to date with the latest security threats to help you define and implement appropriate controls.

  • Keep up to date with security recommendations: Stay up to date with both AWS and industry security recommendations to evolve the security posture of your workload.

  • Automate testing and validation of security controls in pipelines: Establish secure baselines and templates for security mechanisms that are tested and validated as part of your build, pipelines, and processes. Use tools and automation to test and validate all security controls continuously. For example, scan items such as machine images and infrastructure as code templates for security vulnerabilities, irregularities, and drift from an established baseline at each stage.

  • Identify and prioritize risks using a threat model: Use a threat model to identify and maintain an up-to-date register of potential threats. Prioritize your threats and adapt your security controls to prevent, detect, and respond. Revisit and maintain this in the context of the evolving security landscape.

  • Evaluate and implement new security services and features regularly: AWS and APN Partners constantly release new features and services that allow you to evolve the security posture of your workload.