Cloud Security Compliance Checklist

Creating a secure and compliant AWS environment requires a multi-layer approach that combines the building blocks and controls available in AWS’s ecosystem. Below are 7 key items for your cloud security posture management checklist. See our updated 2022 Security Whitepaper for more details and resources.

1. Control access to the AWS console

Use SSO or IDMS, with MFA. Enforce password policies, and use different roles and policies for the creation and deletion of resources.

2. Control your perimeter and network security

Design a scalable VPC with a layered subnet architecture to accommodate multiple public and private subnets. Use NACLs to control the type of traffic allowed in any subnet. Limit the use of public IPs.

3. Control your systems security

Use hardened AMIs - from the AWS Marketplace, or your own. Use Security Groups at the instance level to control access to known services from trusted users on known hosts. Use encryption everywhere you can – both for data at rest (S3 buckets, EBS and EFS volumes) and data in motion (using TLS endpoints).

4. Merge AWS and third-party security tools

Use automated tools like Terraform combined with configuration management tools like Ansible, Helm, etc. to build and maintain your environment.

5. Adopt a holistic security posture

Use best-of-breed third-party security and management tools available in AWS’s ecosystem.

6. Monitor your environment

Use AWS constructs like CloudTrail, Config, Trusted Advisor reports, and Billing Alarms in addition to other CMP, logging and monitoring tools.

7. Back up your environment

Use snapshots. Store a copy off-region or in a separate account.
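
Items 2 and 3 can be checked mechanically. The following is an added example, not code from this page's authors: it audits data shaped like the EC2 DescribeSecurityGroups, DescribeVolumes and DescribeInstances responses for world-open ingress, unencrypted EBS volumes and public IPs. The sample data, the `rule` helper and the "only tcp/443 may be public" policy are assumptions made for the illustration.

```python
import ipaddress

# Assumption: only TLS (tcp/443) is meant to be reachable from the internet.
PUBLIC_OK_PORTS = {443}

def open_ingress(groups, allowed=PUBLIC_OK_PORTS):
    """Return (GroupId, ports) for ingress rules open to every address."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
                continue  # rule is limited to specific networks
            proto = perm.get("IpProtocol")
            if proto == "-1":  # "-1" means every protocol and port
                findings.append((g["GroupId"], "all"))
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if not (proto == "tcp" and lo == hi and lo in allowed):
                findings.append((g["GroupId"], f"{lo}-{hi}"))
    return findings

def unencrypted_volumes(volumes):
    """EBS volumes without encryption at rest."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]

def public_instances(instances):
    """Instances that hold a public IP address."""
    return [i["InstanceId"] for i in instances if i.get("PublicIpAddress")]

def rule(proto, port, **ranges):  # hypothetical helper for the sample rules
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port, **ranges}

ANY4 = [{"CidrIp": "0.0.0.0/0"}]
# Constructed sample data, not output from a real account.
GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [rule("tcp", 443, IpRanges=ANY4)]},
    {"GroupId": "sg-admin", "IpPermissions": [
        rule("tcp", 22, IpRanges=ANY4),
        rule("tcp", 5432, IpRanges=[{"CidrIp": "10.0.2.0/24"}])]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
VOLUMES = [{"VolumeId": "vol-a", "Encrypted": True},
           {"VolumeId": "vol-b", "Encrypted": False}]
INSTANCES = [{"InstanceId": "i-app"},
             {"InstanceId": "i-bastion", "PublicIpAddress": "203.0.113.10"}]

if __name__ == "__main__":
    print(open_ingress(GROUPS), unencrypted_volumes(VOLUMES),
          public_instances(INSTANCES))
```

To run it against a real account, replace the constructed lists with the corresponding keys from the API responses.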
