How Secure is AWS Cloud for Retailers and eCommerce?


  • Security
  • Tags: AWS

In recent years, many retailers and eCommerce giants have migrated major projects to Amazon Web Services (AWS), including Nordstrom, Instacart, Time Inc., and Ticketmaster. In a risk-averse industry that tends to follow rather than lead, this is yet another indication of AWS’ market domination.

But how are these companies meeting AWS cloud security challenges? Is the cloud really secure enough for consumer data?

Amazon Web Services (AWS) Security Considerations

As an IT leader, it is your responsibility to conduct a thorough risk assessment of AWS. But before you do, understand that it is crucial to differentiate between the security of the AWS cloud, and security in the AWS cloud.

The security of the cloud, a.k.a. the security of the physical and staff resources of AWS, is usually the biggest worry. Here are some resources to help you gauge AWS’ commitment to security:

  • AWS Security Whitepaper – AWS’ canonical whitepaper on its security practices. It is continually updated to address the security specifications of every AWS service.
  • Independent security audits of AWS – AWS provides certification reports that describe how AWS infrastructure meets international security standards, including:
    • ISO 27001 – a widely recognized international security management standard
    • SOC – third-party examination reports on AWS security and availability controls
    • FedRAMP – the security standard for the US federal government
  • Case studies on AWS security: Financial Industry Regulatory Authority (FINRA), Pacific Life Insurance

Every IT person you talk to will have a different opinion of AWS cloud security. It is important to trust independent audits over individual opinions, which often reflect concerns about particular SaaS or PaaS products and are not grounded in hands-on experience with AWS.

Security in the cloud refers to the security of systems built on top of AWS. While AWS provides a simplified system for administrators to both implement and audit standard security measures, it by no means replaces these traditional measures nor promises the security of your systems. Just as in a traditional data center or private cloud, the security of your system is your responsibility.

Some important points to reinforce:

  • AWS is not responsible for the security of any system built in AWS, see AWS Shared Responsibility Model
  • However, AWS has provided many tools to facilitate the enforcement of security best practices, including audit tools, compliance “checkers” and more, see AWS Security Tools
  • Many of the tools you already use to protect your environment — like WAFs, network setup, central authentication, etc. — can be applied to AWS
  • AWS regularly publishes security best practice documentation based on customer experience, see all Security Documentation

Security in the cloud has many of the same features of network and application-level security in a traditional environment, though many organizations enlist outside help in translating traditional protections to AWS.

Is AWS eCommerce “More Secure” than Your Datacenter?

Whenever a CIO or CTO claims that AWS is more secure than their datacenter, as GE did last year, what they usually mean is that the security tools that AWS provides enable greater transparency and reinforcement of traditional security measures.

In other words, datacenters are secure, but migrating applications to AWS led these organizations to tighten security controls and to reinforce those controls with automation as part of the migration. Automation is possible in bare-metal hosting too, though it is nowhere near as simple. Organizations of every size can take advantage of the power of security automation.

As an example, rather than relying on an engineer to build your network structure every time you want to expand capacity, your engineer can build a template of your organization’s “best practice” network configuration that gets replicated and improved again and again, usually in an AWS tool called CloudFormation. Automating instance and network configuration significantly reduces the opportunity for engineers to make security mistakes; engineers do not have to manually configure security groups, networks, user access, firewalls, encrypted volumes, DNS names, log shipping, etc. They do not have to “remember” best practices every time they spin up a new AWS instance, which is arguably the most vulnerable time in an instance’s life.
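The templating approach described above pairs naturally with a guardrail check that runs before a template is ever deployed, so that a security mistake in the template is caught in review rather than in production. The following is an added example, not code from Logicworks or AWS: a small checker over a CloudFormation-style template held as a Python dictionary. The template itself is constructed for this example (resource names, CIDRs, bucket name and availability zone are illustrative), and the three rules it enforces, no internet-wide ingress except on 80/443, every EBS volume encrypted, and a logging CloudTrail trail present, are a minimal stand-in for an organization’s own best-practice rules.

```python
"""Pre-deployment guardrail checks over a CloudFormation-style template.

Added example (not Logicworks' or AWS's code). The template is a
constructed, minimal stand-in for an organization's "best practice"
network template; check_template() plays the role of a compliance
checker run in CI before the template is deployed.
"""
import ipaddress

# Constructed sample template: one security group, an encrypted and an
# unencrypted volume, and a CloudTrail trail. All names/values are illustrative.
SAMPLE_TEMPLATE = {
    "Resources": {
        "WebSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                    # Mistake to be caught: SSH open to the world.
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "DataVolume": {
            "Type": "AWS::EC2::Volume",
            "Properties": {"Size": 100, "Encrypted": True, "AvailabilityZone": "us-east-1a"},
        },
        "ScratchVolume": {  # Mistake to be caught: Encrypted property omitted.
            "Type": "AWS::EC2::Volume",
            "Properties": {"Size": 20, "AvailabilityZone": "us-east-1a"},
        },
        "AuditTrail": {
            "Type": "AWS::CloudTrail::Trail",
            "Properties": {"IsLogging": True, "S3BucketName": "example-audit-bucket"},
        },
    }
}

# Ports that may be exposed to 0.0.0.0/0 or ::/0 (policy choice for this example).
PUBLIC_OK_PORTS = {80, 443}


def _is_public(cidr):
    """True for a /0 prefix in either address family, False for anything else."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def check_template(template):
    """Return a list of (resource name, finding) tuples; empty means the template passes."""
    findings = []
    resources = template.get("Resources", {})
    for name, res in resources.items():
        rtype = res.get("Type")
        props = res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr is None or not _is_public(cidr):
                    continue  # rule is scoped to a network or another group
                if str(rule.get("IpProtocol")) == "-1":
                    findings.append((name, "public ingress on all protocols and ports"))
                    continue
                lo = int(rule.get("FromPort", 0))
                hi = int(rule.get("ToPort", 65535))
                if not set(range(lo, hi + 1)) <= PUBLIC_OK_PORTS:
                    findings.append((name, f"public ingress on ports {lo}-{hi}"))
        elif rtype == "AWS::EC2::Volume":
            # An absent Encrypted property defaults to unencrypted, so require an explicit True.
            if props.get("Encrypted") is not True:
                findings.append((name, "EBS volume not encrypted"))
    trail_logging = any(
        r.get("Type") == "AWS::CloudTrail::Trail"
        and r.get("Properties", {}).get("IsLogging") is True
        for r in resources.values()
    )
    if not trail_logging:
        findings.append(("<template>", "no logging CloudTrail trail"))
    return findings


if __name__ == "__main__":
    for resource, finding in check_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {finding}")
```

Run against the constructed template, the checker reports the world-open SSH rule and the unencrypted scratch volume and is silent about the HTTPS rule, the encrypted data volume and the trail. Wiring a check like this into the pipeline that deploys the template is what turns a “best practice” template into one that is enforced rather than remembered.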

Not incidentally, these cloud automation features are why AWS was created in the first place. Amazon did not just require endless compute power, they wanted a layer of abstraction between their developers and their systems that enabled them to test and ship new features more quickly. Underneath the covers, automation and templatization are what has allowed Amazon to become the eCommerce giant they are today.

What about PCI Compliance?

AWS is PCI Level 1 Compliant, meaning that the underlying physical infrastructure has been audited and approved by an authorized independent Qualified Security Assessor. In fact, AWS was the first cloud platform to earn PCI DSS Level 1 compliance. This covers the compliance “of the cloud.” What about compliance “in the cloud”?

Every retailer that processes credit card payments must be PCI certified. AWS’ certification provides an immediate benefit to retailers by taking care of the compliance of the infrastructure, but retailers must prove that people and processes are also compliant. Numerous organizations have received PCI certification on the AWS platform, and many claim that certification is significantly less costly and time-consuming on AWS than in their own datacenter.

To help ensure best practices are covered, many retailers work with a partner with AWS Commerce Competency, experienced in translating PCI compliance guidelines to AWS, which include security items such as:

  • Central authentication in AWS IAM and AD
  • Encryption of volumes
  • Naming conventions and organization of Security Groups
  • Monitoring and logging with AWS CloudTrail, CloudWatch, etc.
  • Failure/recovery testing
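The monitoring and logging item above, together with the earlier point that manual configuration is where engineers make security mistakes, suggests a concrete detection: read CloudTrail and flag security-group changes that did not come from the automation pipeline, plus any attempt to turn the trail itself off. The following is an added example, not code from Logicworks or AWS. The CloudTrail records are constructed and trimmed to the fields the check uses (field names follow the CloudTrail record format; the account id, role and user names, group id and timestamps are illustrative). Treating `cloudformation.amazonaws.com` as the only trusted caller is an assumption standing in for whatever automation identity an organization actually uses.

```python
"""Detect out-of-band security group changes and trail tampering in CloudTrail.

Added example (not Logicworks' or AWS's code). The records below are
constructed; real CloudTrail files carry many more fields, but the ones
used here (eventTime, eventSource, eventName, userIdentity, userAgent)
are part of the standard record format.
"""

# Constructed sample CloudTrail records (all identifiers illustrative).
SAMPLE_RECORDS = [
    {   # Change made by a CloudFormation stack: expected, not flagged.
        "eventTime": "2016-02-24T10:00:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111111111111:assumed-role/cfn-deploy-role/stack",
                         "invokedBy": "cloudformation.amazonaws.com"},
        "userAgent": "cloudformation.amazonaws.com",
        "requestParameters": {"groupId": "sg-0abc"},
    },
    {   # Same API call made by a person in the console: flagged as drift.
        "eventTime": "2016-02-24T10:05:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "userAgent": "console.ec2.amazonaws.com",
        "requestParameters": {"groupId": "sg-0abc"},
    },
    {   # Read-only call: ignored.
        "eventTime": "2016-02-24T10:06:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeSecurityGroups",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "userAgent": "aws-cli/1.10.0",
    },
    {   # Logging switched off: flagged regardless of who did it.
        "eventTime": "2016-02-24T10:30:00Z", "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/bob"},
        "userAgent": "console.amazonaws.com",
    },
]

# Mutating security-group calls that the pipeline, not people, should be making.
SG_MUTATIONS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
# Calls that weaken or remove the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Assumption for this example: CloudFormation is the only trusted caller.
AUTOMATION_CALLERS = {"cloudformation.amazonaws.com"}


def _made_by_automation(record):
    """True when the call was issued by a trusted automation service."""
    identity = record.get("userIdentity", {})
    return (identity.get("invokedBy") in AUTOMATION_CALLERS
            or record.get("userAgent") in AUTOMATION_CALLERS)


def find_suspicious_events(records):
    """Return (eventTime, eventName, actor arn, reason) for each event worth alerting on."""
    findings = []
    for rec in records:
        name = rec.get("eventName", "")
        actor = rec.get("userIdentity", {}).get("arn", "<unknown>")
        if name in TRAIL_TAMPERING:
            findings.append((rec.get("eventTime"), name, actor, "CloudTrail configuration changed"))
        elif name in SG_MUTATIONS and not _made_by_automation(rec):
            findings.append((rec.get("eventTime"), name, actor, "manual security group change"))
    return findings


if __name__ == "__main__":
    for when, what, who, why in find_suspicious_events(SAMPLE_RECORDS):
        print(f"{when} {what} by {who}: {why}")
```

On the constructed records the check reports alice’s console change to the security group and bob’s `StopLogging` call, and stays quiet about the CloudFormation-driven change and the read-only describe call. In practice the same logic runs over CloudTrail files delivered to S3 or over events forwarded to a SIEM, and the alert on a manual change is the cue to reconcile the environment back to the template.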

Expose Your Engineers to AWS Security Features, Early and Often

No matter where you host your eCommerce workloads, it will likely be your staff that expose you to security threats, not AWS. (95% of security attacks are the result of human error, according to Gartner.) That is why the most important advice to follow is to expose your staff to AWS early and often, and give them unlimited access to expert PCI and security help.

Enterprises usually accomplish this by running a POC project on AWS using a Managed Service Partner. Running a POC project trains your internal development staff on AWS integration within defined parameters. Using a Managed Service Partner with Commerce Competency that clearly defines PCI responsibilities will reduce the security and compliance risk of your engineering staff. If the MSP is experienced in PCI, they should have controls to ensure that mistakes are automatically corrected — a crucial set of tools for any new AWS team.

If your organization is still skeptical about security in AWS, a POC project is the fastest way to convince business and IT leaders alike. In the end, there are secure AWS environments and unsecure AWS environments; it is the team that controls your AWS environment that makes the difference.

Learn how your organization’s data can be secured in the AWS cloud — connect with a Logicworks AWS Certified Solutions Architect.


February 24, 2016

