
Can AWS security features help HealthCare.gov security?

Moving HealthCare.gov onto AWS helped the government improve the safety of the site. Expert Dan Sullivan explains which AWS security features were most beneficial.

The history of HealthCare.gov has been riddled with security issues, but it recently moved to AWS. What specifically, if anything, about AWS could improve HealthCare.gov security?

HealthCare.gov security has certainly made the news in the past. Moving the site to Amazon Web Services (AWS) obviously improved scalability and availability, but it also allowed the Centers for Medicare and Medicaid Services (CMS) to take advantage of the security features of the Amazon cloud.

Using a cloud provider allows customers -- including the CMS -- to share security responsibilities. For example, Amazon is responsible for securing the physical infrastructure of its service. The same economies of scale that drive down the cost of computing and storage services also benefit security practices. Policies, procedures and monitoring protocols can all scale as additional physical infrastructure is brought online.

Amazon is also responsible for some levels of network security, particularly those related to Internet and cross-data-center traffic. Customers begin to assume responsibility for network security at the level of logically isolated networks. AWS offers virtual private clouds (VPCs), which can be thought of as virtual networks within the AWS network. Each VPC is logically isolated from other VPCs, so no traffic moves between them unless explicitly configured to do so. VPCs are configured with a range of IP addresses, a set of subnets, routing tables, network gateways and other security settings.

A best practice in the AWS environment is to treat infrastructure as software. Open source configuration tools such as Chef and Puppet complement AWS services, including OpsWorks and Cloud Configuration. These tools and services allow architects and system administrators to define sets of resources, such as servers, load balancers and block storage devices, in configuration files. These files are used to automatically deploy resources as demand dictates.
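Because a VPC's address range, subnets and routing tables live in a configuration file, they can be checked before anything is deployed. The following is an added example, not code from the article or from AWS; the dictionary schema, the `expose` flag and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample definition (hypothetical schema, not CloudFormation syntax).
VPC = {
    "cidr": "10.0.0.0/16",
    "subnets": {
        "web": {"cidr": "10.0.1.0/24", "route_table": "public", "expose": True},
        "app": {"cidr": "10.0.2.0/24", "route_table": "private"},
        "db": {"cidr": "10.0.2.128/25", "route_table": "public"},
        "legacy": {"cidr": "10.1.0.0/24", "route_table": "private"},
    },
    "route_tables": {
        "public": [{"dest": "0.0.0.0/0", "target": "internet-gateway"}],
        "private": [{"dest": "10.0.0.0/16", "target": "local"}],
    },
}


def is_internet_facing(routes):
    """A default route to an internet gateway makes a subnet reachable from outside."""
    return any(r["dest"] == "0.0.0.0/0" and r["target"] == "internet-gateway"
               for r in routes)


def audit_vpc(vpc):
    """Return (subnet, finding) tuples, ordered by subnet name."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc["cidr"])
    nets = {n: ipaddress.ip_network(s["cidr"]) for n, s in vpc["subnets"].items()}
    names = sorted(nets)
    for i, name in enumerate(names):
        subnet = vpc["subnets"][name]
        if not nets[name].subnet_of(vpc_net):
            findings.append((name, "outside VPC range"))
        for other in names[i + 1:]:
            if nets[name].overlaps(nets[other]):
                findings.append((name, f"overlaps {other}"))
        routes = vpc["route_tables"].get(subnet["route_table"])
        if routes is None:
            findings.append((name, "unknown route table"))
        elif is_internet_facing(routes) and not subnet.get("expose", False):
            # Exposure must be opted into explicitly; anything else is a finding.
            findings.append((name, "internet route but not marked expose"))
    return findings


if __name__ == "__main__":
    for subnet_name, finding in audit_vpc(VPC):
        print(f"{subnet_name}: {finding}")
```

Run as a pre-deployment check, it reports the overlapping `app` and `db` ranges, the `db` subnet that inherits an internet route without opting in, and the `legacy` subnet that falls outside the VPC's address range.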

AWS security features, such as identity management and key management services, are popular among customers. Identity management services enable the use of groups, roles, users and privileges to limit access to services and resources. Key management services help securely store cryptographic keys and implement associated best practices like key rotation.

While each of the individual AWS security features, along with low-level network and physical security features, can incrementally improve security, the tight integration of all these services is perhaps one of the most important reasons why running applications in an IaaS cloud, such as AWS, can offer levels of security for lower costs than implementing comparable levels on premises.


This was last published in October 2015
