Security in the cloud is similar to security in your on-premises data centers, only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources. For this reason, cloud security is a Shared Responsibility between the customer and AWS, where customers are responsible for “security in the cloud” and AWS is responsible for “security of the cloud.”
The AWS cloud allows you to scale and innovate while maintaining a secure environment. As an AWS customer, you will benefit from data centers and network architecture designed to meet the requirements of the most security-sensitive organizations. AWS infrastructure is custom-built for the cloud and is monitored 24x7 to help protect the confidentiality, integrity, and availability of our customers’ data. Browse this page to learn more about key topics, areas of research, and training opportunities for cloud security on AWS.
AWS cryptography tools and services utilize a wide range of encryption and storage technologies that can help you protect your data at rest and in transit. Traditionally, data has to be decrypted before it can be used in a computation. Cryptographic computing is a technology that operates directly on cryptographically protected data so that sensitive data is never exposed.
AWS is already at work, preparing for a post-quantum world. AWS has invested in the migration to post-quantum cryptography by contributing to post-quantum key agreement and post-quantum signature schemes to protect the confidentiality, integrity, and authenticity of customer data.
AWS uses automated reasoning technology (the application of mathematical logic to assess cloud security) to help detect misconfigurations and answer critical questions about your infrastructure. This approach, known as provable security, draws on leading insight and applications from AWS security experts to help you achieve the highest possible level of security assurance in the cloud.
Ransomware is not specific to the cloud; in fact, AWS can provide increased visibility and control over your security posture against malware. Raising your security posture begins with reviewing your security program and controls against best practices from AWS, third-party organizations, and your internal policies.
Zero Trust is a security model centered on the idea that access to data should not be granted solely on the basis of network location. To help you on this journey, a number of AWS identity and networking services provide core Zero Trust building blocks as standard features that can be applied to both new and existing workloads.
Security is a key component of your decision to use the cloud. This documentation can help your organization get in-depth information about both the built-in and the configurable security of AWS services. This information goes beyond “how-to” and can help developers — as well as Security, Risk Management, Compliance, and Product teams — assess a service prior to use, determine how to use a service securely, and get updated information as new features are released. To learn more about how customers use security documentation, read the AWS Security blog post.
Organizations need individuals with deep security knowledge to help protect their business. AWS training courses enable you to build the skillset you need to meet your security and compliance objectives. With a variety of content and training materials curated by experts at AWS, you can stay up-to-date with evolving best practices and security trends in the industry — whether you’re new to the cloud or “all-in” on AWS.
Cloud Audit Academy
Cloud Audit Academy (CAA) is an AWS Security Auditing Learning Path designed for those who are in auditing, risk, and compliance roles and are involved in assessing regulated workloads in the cloud. The CAA curriculum dives into cloud-specific audit considerations and AWS best practices for security auditing aligned to global industry security and compliance frameworks.
Other Suggested Training
AWS Security Control Domains
Data Privacy is about an individual's right to control their data. This video will show you how to use some AWS tools and services to help protect your data.
Governance is the process that ensures effective and compliant workflow without giving up flexibility to achieve its goals. This video shows you how to use AWS tools and services to help accomplish this.
As the benefits of cloud computing drive increased adoption, Vulnerability Management is more important than ever. This video helps you identify, track and remediate security issues within the cloud environment.
Device Management involves installing and updating operating systems and application patches, managing user accounts, and maintaining up-to-date security on all end-user devices. This video shows you how to remain flexible, while maintaining security, in a world where remote employees and personal device integration are the norm.
Risk Management is a methodology for identifying, managing, and mitigating risks with information, assets, and operations. This video helps you understand how to identify, monitor, and mitigate potential risks to your cloud environment.
Proper network management is all about building a secure, isolated, distributed, and highly resilient network construct that works for you – no matter your workload requirements. This video helps you learn how to do that with AWS tools and services.
Identity management and access control is a discipline that enables the right individuals to access the right resources at the right time and for the right reasons. With AWS identity services, you can manage your workforce and customer identities as well as their access to AWS services and resources.
Incident Response is an organized approach to addressing and managing the threat or violation of security policies and standard practices. A quick response limits damage and reduces recovery time and costs. In the cloud, you need a systematic and organized approach for incident response.
Configuration Management is a process for ensuring consistency in your operational environment. Your governance and compliance set-up will drive the reliability of your cloud implementation, reducing the chance of unpredictable error.
Business Continuity is your ability to maintain essential operations during a disruptive event and then restore normal operations within a reasonable time frame. This video helps you understand how to enable faster disaster recovery of critical IT systems without incurring the infrastructure expense of a second physical site.
Whitepapers, Technical Guides, and Reference Materials
AWS security specialists leverage their first-hand experience to craft technical content that helps expand your knowledge of cloud security. These whitepapers, guides, and reference materials cover best practices for leading trends in the industry, including incident response, compliance in the cloud, and privacy considerations. Peruse the technical content library below to find guidance on how to securely build your future on AWS. You can also visit the AWS Architecture Center to see more best practices for security, identity, and compliance.