
How to smoothly manage compliance in the cloud?


Sebastian Winiarski

Cloud Developer

20-08-2024 | 4 min read

In a world governed by many different security regulations and standards, compliance is essential. Using AWS allows you to meet the requirements of almost every regulatory agency around the globe.

In this article we:

  • Explain the Shared Responsibility Model in the AWS cloud

  • Introduce you to key information necessary for planning a sound compliance strategy

  • Discuss actual AWS solutions for setting up an effective compliance strategy

In essence, the cloud’s security and compliance are a shared responsibility between AWS and your company. As AWS puts it, they are responsible for the security of the cloud, whereas you’re responsible for the security in the cloud.

As such, AWS operates, manages, and controls all the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

The customer’s responsibility lies primarily in securely setting up and configuring the software in use (including the operating system), employing proper encryption schemes for data at rest and in transit (i.e. network traffic), managing access rights to resources, handling user identities and confidential data, etc.

That’s quite a lot to take care of. However, AWS provides tools and solutions that can help you manage everything properly and ensure your resources’ full security and compliance. Let’s take a look at some of the most useful ones.

Tags

In short, tags are used to assign metadata to various resources stored in the AWS cloud. Each tag is a simple label consisting of a customer-defined key and an optional value. Since a single cloud environment can hold a large number of resources, tags make it significantly easier to manage them. And yes, tags can also be used to ensure the security and compliance of your cloud.

What happens when you do not tag your resources? Without a coherent tagging policy, you have little knowledge about your resources and what purpose they serve. Without this knowledge, how can you make sure that your resources are compliant? That’s why we recommend that all our clients implement a tagging solution.

A dedicated tagging solution allows you to monitor all the resources that can be tagged and perform different activities related to them, such as:

  • Correcting tags,
  • Creating tickets in Jira,
  • Disabling specific resources,
  • Setting various notifications.

Tagging allows you to take immediate remediation actions. Another important benefit is that you can manage your resources for cost optimization.

AWS Config

That’s what you should be most interested in. AWS Config is a tool provided by AWS that enables your company to assess, audit, and evaluate all the configurations of your AWS resources. Its primary use is continuous monitoring: it tracks the configurations of your resources and evaluates them.

With AWS Config, you can quickly review every change in your resource configurations, examine relations between different AWS resources, and analyze the history of configuration changes. You are also able to compare your current configuration against existing guidelines.

Config provides a set of predefined AWS managed rules to verify your resources’ compliance with general best practices. These can be modified and customized to meet the internal policy of your organization.
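The tagging policy from the Tags section and the rule-based evaluation described here can be combined in one check. The following is an added example, not code from the original article or from AWS: it evaluates resource tags against a policy and reports each result using the field names of Config's PutEvaluations call. The policy, tag keys, and resource IDs are constructed assumptions.

```python
# Added example: the policy, tag keys and resource IDs are constructed for illustration.
REQUIRED_TAGS = {
    "Owner": None,  # None = any non-empty value is accepted
    "Environment": {"prod", "staging", "dev"},
    "DataClassification": {"public", "internal", "confidential"},
}

def evaluate_resource(resource, policy=REQUIRED_TAGS):
    """Evaluate one resource's tags; result uses Config's PutEvaluations field names."""
    tags = resource.get("tags") or {}
    # AWS tag keys are case-sensitive, so "owner" does not satisfy "Owner".
    # Report it as a key to correct rather than as a missing tag.
    by_lower = {k.lower(): k for k in tags}
    problems = []
    for key, allowed in policy.items():
        if key not in tags:
            near = by_lower.get(key.lower())
            problems.append(f"key '{near}' should be '{key}'" if near
                            else f"missing tag '{key}'")
            continue
        value = tags[key].strip()
        if not value:
            problems.append(f"tag '{key}' has an empty value")
        elif allowed is not None and value not in allowed:
            problems.append(f"tag '{key}' has unapproved value '{value}'")
    return {
        "ComplianceResourceId": resource["id"],
        "ComplianceResourceType": resource["type"],
        "ComplianceType": "NON_COMPLIANT" if problems else "COMPLIANT",
        "Annotation": "; ".join(problems)[:256],  # Config caps annotations at 256 chars
    }

def non_compliant(inventory):
    """Return only the evaluations that need a remediation action."""
    results = [evaluate_resource(r) for r in inventory]
    return [e for e in results if e["ComplianceType"] == "NON_COMPLIANT"]

INVENTORY = [  # constructed sample inventory
    {"id": "i-0example1", "type": "AWS::EC2::Instance",
     "tags": {"Owner": "team-payments", "Environment": "prod",
              "DataClassification": "confidential"}},
    {"id": "vol-0example2", "type": "AWS::EC2::Volume",
     "tags": {"owner": "team-data", "Environment": "production"}},
    {"id": "example-untagged-bucket", "type": "AWS::S3::Bucket", "tags": {}},
]

if __name__ == "__main__":
    for e in non_compliant(INVENTORY):
        print(e["ComplianceResourceId"], "->", e["Annotation"])
```

The annotation text is what a remediation step (correcting the tag, opening a ticket, sending a notification) would act on.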

Session Manager

In general, Session Manager is used for managing sessions (a session is simply a connection made to an instance). It lets you manage the following resources:

  • Amazon Elastic Compute Cloud (Amazon EC2) instances
  • On-premises instances
  • Virtual machines (VMs)

One of the most important features of Session Manager is logging and auditing session activity, keeping a record of connections made to your instances and commands that were run on them. So if a member of your IT team needs to perform any task that requires connecting to an instance, Session Manager verifies their identity and whether they are allowed access to this instance. You are also notified when the user starts and ends the session.

Thanks to AWS Systems Manager Session Manager (that’s the full name of this solution), you get:

  • Centralized access control to instances using IAM policies
  • No open inbound ports and no need to manage bastion hosts or SSH keys
  • One-click access to instances from the console and AWS CLI
  • Logging and auditing session activity to meet the internal and third-party requirements
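Once access goes through Session Manager, inbound SSH and RDP rules are no longer needed, so any that remain are worth flagging. The following added example (not from the original article) scans security-group data in the shape returned by EC2's DescribeSecurityGroups for rules that still expose ports 22 or 3389 to the whole internet; the sample groups and their IDs are constructed.

```python
# Added example: SAMPLE_GROUPS is constructed data shaped like the
# "SecurityGroups" list in an EC2 DescribeSecurityGroups response.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
WORLD = {"0.0.0.0/0", "::/0"}  # any IPv4 / any IPv6 source

def exposed_admin_rules(security_groups):
    """Return (group_id, service, port, open_cidrs) for world-open admin ports."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            # IpProtocol "-1" means all protocols and all ports; such rules
            # carry no FromPort/ToPort, so treat them as the full range.
            lo = perm.get("FromPort", 0) if proto == "tcp" else 0
            hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = sorted(WORLD.intersection(cidrs))
            if not open_cidrs:
                continue  # restricted sources are out of scope for this check
            for port, service in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], service, port, open_cidrs))
    return findings

SAMPLE_GROUPS = [
    {"GroupId": "sg-0example01", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example02", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example03", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0example04", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, service, port, cidrs in exposed_admin_rules(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}) open to {', '.join(cidrs)}")
```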

Compliance outsourcing

As an AWS Advanced Consulting Partner, Tameshi has all the necessary resources and knowledge to help you achieve and maintain the required level of security and compliance with the specific regulations you have to follow.

Working on compliance with an experienced partner entails some vital benefits:

  • Full control of resources across small, medium-sized, and even large AWS organizations,
  • Laying the foundations for further, more advanced processes around governance and compliance,
  • Taking the first step towards reducing cloud infrastructure costs to a minimum possible level.

 
