Do you know what your servers currently run?

AWS is large, and without automation it can be difficult to know what is running where.

AWS, like cloud providers in general, has expanded its offerings enormously year after year. New services and features are continuously being introduced, and the latest re:Invent will introduce even more.

Limitations on Region & Account usage

To keep control of this growing set of services, you could limit usage to predefined services and disable all others. While this simplifies auditing, it destroys productivity in the cloud because it removes the ability to use new high-level services. This can significantly reduce overall efficiency, especially for teams that have a limited number of developers and depend on productivity improvements.

Auditing configurations & policies

While certain limitations, such as availability in specific regions, may be reasonable, services should generally only be disabled for valid reasons and not by default. A more effective approach would be to implement robust auditing configurations and establish policies to detect problematic behavior. Coupled with cost monitoring and unexpected behavior alerts on AWS, teams can receive early notifications of issues and respond promptly.

With AWS Config, Security Hub, GuardDuty, Inspector, CloudTrail and many other solutions, AWS, and similarly Azure, gives you all the necessary tools and knowledge to build a properly secure and audited system. Using Audit Manager, you can schedule and generate regular audit reports, providing leadership with easily accessible summaries whenever required. This routine auditing process fosters a high level of trust in the system, which can be verified even without external assistance.
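To illustrate the detect-rather-than-disable approach described above, the following Python example (added here, not code from this article or from AWS) reads CloudTrail-style records and reports activity in unapproved regions or in services nobody has reviewed yet, instead of blocking it. The approved regions, the reviewed-service list and the sample records are assumptions constructed for the example.

```python
import json

# Hypothetical policy values, assumed for this example.
APPROVED_REGIONS = {"eu-central-1", "eu-west-1"}
REVIEWED_SERVICES = {"ec2", "s3", "lambda", "iam"}
# Global services such as IAM record their CloudTrail events in us-east-1,
# so they are exempt from the region check.
GLOBAL_SERVICES = {"iam", "cloudfront", "route53", "organizations"}

# Constructed CloudTrail-style records, reduced to the fields the check reads.
SAMPLE_EVENTS = json.loads("""[
 {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "eu-central-1",
  "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "awsRegion": "us-east-1",
  "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
 {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "ap-southeast-2",
  "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
 {"eventSource": "sagemaker.amazonaws.com", "eventName": "CreateNotebookInstance", "awsRegion": "eu-west-1",
  "readOnly": false, "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"}},
 {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "awsRegion": "us-east-1",
  "readOnly": true, "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}}
]""")

def service_of(event):
    # eventSource looks like "ec2.amazonaws.com"; the first label names the service.
    return event["eventSource"].split(".", 1)[0]

def audit(events, approved_regions=APPROVED_REGIONS, reviewed=REVIEWED_SERVICES):
    """Return (rule, severity, service, region, principal) tuples to alert on."""
    findings = []
    for ev in events:
        svc = service_of(ev)
        region = ev["awsRegion"]
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        is_write = not ev.get("readOnly", False)  # writes matter more than reads
        if svc not in GLOBAL_SERVICES and region not in approved_regions:
            findings.append(("unapproved-region", "high" if is_write else "low", svc, region, who))
        if svc not in reviewed:
            # A new service is a prompt for review, not an automatic violation.
            findings.append(("unreviewed-service", "medium" if is_write else "low", svc, region, who))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding, sep="\t")
```

The exemption for global services matters in practice: without it, every IAM change would raise a false region alert and teach the team to ignore the notification.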

Conclusion

By combining a robust notification system with well-defined processes for addressing these notifications, cloud services can be developed and maintained with a heightened level of security without overwhelming teams in their daily operations. However, configuring these services and determining which ones to trigger notifications for, based on your unique use cases, can be a complex undertaking.

We’re happy to help identify the right mix for you and optimize your cloud infrastructure for enhanced security and efficiency.