Introduction - Logical Separation on AWS

Introduction

Cloud technology takes advantage of transformative techniques in information technology (IT). One fundamental technique is to offer multi-tenant services that place multiple customers’ applications and data on the same physical infrastructure. This architecture allows cloud service providers (CSPs), like AWS, to maximize use of physical resources so they can offer the value of those resources at a lower cost to customers. It also allows customers to easily update their workloads and migrate them, with minimal disruption, to the latest technology as it continually makes its way into the CSP’s infrastructure. This architectural choice is enabled by the development of powerful and flexible logical security controls that create strong isolation boundaries between customers. Since launching its first cloud services in 2006, AWS has been steadily enhancing its features and controls so that customers can achieve the security posture required to meet their data classification requirements. Customers often find that CSPs, like AWS, enable them to effectively optimize security configurations in the cloud compared to their on-premises solutions.

Customers leveraging AWS can benefit from a data center, network, and software architecture built to satisfy the requirements of the most security-sensitive organizations in the world. AWS provides highly available services and supports a combination of traditional and novel security mechanisms that are intrinsic to its service design and operation.

AWS gives customers rich control over their content and provides tools to determine where their content will be stored and how it will be protected. AWS features provide customers the ability to secure their content in transit and at rest, to tightly control access to AWS services and resources for their users, and to monitor access as well as the evolving state of their systems. Customers of AWS maintain full control over access to their content, which enables architectures that prevent unauthorized users from accessing customer data. All this occurs within a framework of multi-tenant services with strict logical isolation. The logical isolation between customer environments provided by AWS can be more effective and reliable than security seen in dedicated physical infrastructure.