Gajus - Fotolia

Can AWS security features help security?

Moving onto AWS helped the government improve the safety of the site. Expert Dan Sullivan explains which AWS security features were most beneficial.

The history of has been riddled with security issues, but it recently moved to AWS. What specifically, if anything, about AWS could improve security? security has certainly made the news in the past. Moving the site to Amazon Web Services (AWS) obviously improved the scalability and availability, but it also allowed the Centers for Medicare and Medicaid Services (CMS) to take advantage of security features of the Amazon cloud.

Using a cloud provider allows customers -- including the CMS -- to share security responsibilities. For example, Amazon is responsible for securing the physical infrastructure of its service. The same economies of scale that drive down the cost of computing and storage services also benefit security practices. Policies, procedures and monitoring protocols can all scale as additional physical infrastructure is brought online.

Amazon is also responsible for some levels of network security, particularly those related to Internet and cross data center traffic. Customers begin to assume responsibility for network security at the level of logical isolated networks. AWS offers virtual private clouds (VPCs), which can be thought of as virtual networks within the AWS network. Each VPC is logically isolated from other VPCs, so no traffic moves between them unless explicitly configured to do so. VPCs are configured with a range of IP addresses, a set of subnets, routing tables, network gateways and other security settings.

A best practice in the AWS environment is to treat infrastructure as software. Open source configuration tools such as Chef and Puppet complement AWS services, including OpsWorks and Cloud Configuration. These tools and services allow architect and system administrators to define sets of resources in configuration files, such as servers, load balancers and block storage devices. These files are used to automatically deploy resources as demand dictates.

AWS security features, such as identity management and key management services, are popular among customers. Identity management services enable the use of groups, roles, users and privileges to limit access to services and resources. Key management services help securely store cryptographic keys and implement associated best practices like key rotation.

While each of the individual AWS security features, along with low-level network and physical security features, can incrementally improve security, the tight integration of all these services is perhaps one of the most important reasons why running applications in an IaaS cloud, such as AWS, can offer levels of security for lower costs than implementing comparable levels on premises.

Ask the Expert:
Want to ask Dan Sullivan a question about cloud security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

This SearchCloudSecurity tutorial offers AWS security best practices

Learn more about's security woes and the lessons enterprises can learn from them

Dig Deeper on Cloud Computing Infrastructure as a Service (IaaS) Security