Welcome to the seventh article in our AWS Migration Considerations Series. You can find the start of the series here.
Many successful AWS Cloud migrations are led from the start by the enterprise's security and governance function, the first cab off the rank for inclusion in, and awareness of, the proposed transition.
It is critical that security and governance teams – and operations teams – understand the shared responsibility model: they must know what maintenance and uplift AWS performs, and what is left as an exercise for the customer or their implementation and operating partner(s).
A common pattern we see is customers trying to recreate their existing on-premises tools in the cloud. These are sometimes unnecessary, or are better replaced with cloud-native, cloud-scalable solutions that implement the same functionality. This is even more attractive when the solution is fully managed and requires no customer action for security uplift and enablement over time.
A key element is having architectural standards shared by all implementation teams, coupled with permitting the security team to inspect your workloads.
In the VPC environment, it's good practice to design so as to minimise the amount of traffic that needs to egress over the Internet, and to minimise both inbound and outbound access via the ever-present Security Groups. A Security Group is akin to a stateful firewall, but it works at the granularity of an instance, not a complete subnet as is traditional for on-premises networks. For more information see our previous whitepaper on restricting lateral movement in the AWS Cloud.
A Cloud migration is also an ideal time to lift all protocols to their end-to-end encrypted equivalents, leveraging automated certificate deployment from Amazon Certificate Manager. Diving deeper, it is also a time to lift the TLS protocol versions used on encrypted communications: raising the minimum version and enabling newer ones.
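As an added illustration of the Security Group point above (example code, not Modis or AWS code), the audit below flags inbound rules open to the whole Internet and egress rules that still allow everything. It consumes the dictionary shape that boto3's ec2.describe_security_groups() returns; SAMPLE_GROUPS is a constructed input so the check runs offline, and the allowed public port list is an assumption you would tune per workload.

```python
# Added example (not Modis or AWS code): flag security-group rules that widen
# Internet exposure. Input is the dict shape from boto3 ec2.describe_security_groups();
# SAMPLE_GROUPS is constructed so the audit runs offline. Pass the live response to audit an account.
from typing import Dict, List

ANY_V4, ANY_V6, ALL_PROTOCOLS = "0.0.0.0/0", "::/0", "-1"

def _port_label(perm: Dict) -> str:
    """Describe a rule's port range; protocol '-1' means every port and has no ports."""
    if perm.get("IpProtocol") == ALL_PROTOCOLS:
        return "all ports"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{perm['IpProtocol']}/{lo}" if lo == hi else f"{perm['IpProtocol']}/{lo}-{hi}"

def _open_to_world(perm: Dict) -> bool:
    """True if any IPv4 or IPv6 range on the rule is the whole Internet."""
    return any(r.get("CidrIp") == ANY_V4 for r in perm.get("IpRanges", [])) or any(
        r.get("CidrIpv6") == ANY_V6 for r in perm.get("Ipv6Ranges", []))

def audit_security_groups(groups: List[Dict], public_ports=(443,)) -> List[str]:
    """One finding per world-open inbound rule (except a single allowed public port,
    e.g. an HTTPS listener) and one per allow-all egress rule left in place."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue  # scoped to a CIDR or to another security group: fine
            single = perm.get("FromPort") == perm.get("ToPort")
            if perm.get("IpProtocol") != ALL_PROTOCOLS and single and perm.get("FromPort") in public_ports:
                continue  # e.g. the Internet-facing load balancer on 443
            findings.append(f"{gid}: inbound {_port_label(perm)} open to the Internet")
        for perm in sg.get("IpPermissionsEgress", []):
            if _open_to_world(perm) and perm.get("IpProtocol") == ALL_PROTOCOLS:
                findings.append(f"{gid}: allow-all egress rule still present")
    return findings

SAMPLE_GROUPS = [  # constructed sample, not taken from any real account
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [  # egress only to the app tier, referenced by group id
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    print("\n".join(audit_security_groups(SAMPLE_GROUPS)) or "no findings")
```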
The security and governance discussion continues in depth for each AWS Cloud service considered as part of the solution mix.
One key element to keep in mind is third-party solutions and services that offer to fix a gap. Often the need for these applications is exaggerated, or the gap is already served by a cloud-native equivalent. There are no required tools or dashboards that must be in place before you get started.
Modis has been an AWS Consulting Partner since 2013. You can learn more about our AWS Practice and services here.