Managing a well-architected AWS cloud security framework


“And one to bind them…”  J.R.R. Tolkien

This is the final post in a series of seven on the five pillars for well-architected AWS security.  For the entire series, visit the Five pillars – AWS blog page here

Earlier, we described an Actionable Cloud Security Framework as a loop: feedback from one pillar feeds into the next, and the framework is continually tuned and managed to comply with the best practices established as part of each pillar, keeping the framework secure and compliant.  In an era of heightened security risks and concerns, compliance is taking on new meaning: it is no longer simply a matter of complying with specific mandated written policies, but of maintaining infrastructures whose data and security policies support the mandates with which those organizations are trying to comply.

To that end, a class of products is emerging, as services that monitor and manage organizations’ security postures.  Some of these products are as basic as “benchmark checkers” that will evaluate an organization’s cloud security policies against industry standards such as CIS.  Others aggregate the control planes used in the various pillars into single “pane-of-glass” management tools.  AWS Security Hub is the most recent example of this type of service in AWS.

IT organizations are typically staffed to keep their respective companies or users secure and productive and operate within a defined company framework.  Even those with extensive security understanding and cloud experience are best served by partners whose focus is architecting security.

Once an organization has completed the exercise of defining their five pillars toward well-architected security and developed a strategy to close gaps they identify during this process, they can work with that partner to implement tools and processes they have identified as keys to their well-architected AWS security framework.  These partners can also ensure that hybrid frameworks don’t hamper cloud migrations and leverage, but instead remain integral parts of the organization’s overall security framework.

Those organizations are also then able to focus on the real value they intend to extract from the cloud: digital and operational transformation.  Organizations that understand their IAM framework, for example, can feel secure leveraging AWS services such as Amazon ML (Machine Learning) or artificial intelligence such as Amazon Comprehend, Amazon Personalize and Amazon Textract to build new and transformational workloads without compromising their own security frameworks.


What are an organization’s next steps in this process?  Besides identifying a partner or partners to shoulder part of the burden and ensure those organizations aren’t bogged down by developing this well-architected framework, organizations should:

  • Identify the key processes within each of these pillars that affect their business operations
  • Identify information which organizations must initially gather to create these pillars (as an example, the roles and permissions they need to extend across users and groups, or the definition of “at-risk” data, etc.)
  • Identify “holes” in their existing security strategy and assess the criticality of each issue as well as which pillars it affects
  • Identify both third-party and native AWS services that can be leveraged to address security challenges
  • Build out a timeline during which organizations can deploy services, procedures, and policies and execute on building their well-architected security framework.

Barracuda Networks has worked closely with AWS engineers and services to develop a Cloud Security Posture Management or CSPM solution that aids organizations in identifying and remediating compliance violations that can compromise their security frameworks.  Visit the Barracuda Networks website to learn more about Cloud Security Guardian and how it works with AWS.

This is the final post in the series on Well-Architected AWS Cloud Security.  To view the entire series, visit five pillars blog page here.

Barracuda Cloud Security Guardian secures your cloud infrastructure with an easy-to-use, highly automated solution that helps keep you secure in an era of increasing complexity and multiplying compliance mandates.  For a free scan, visit our website here.
