Cloud Computing Assignment: AWS as Security Technology
Task: This cloud computing assignment requires you to focus on one specific security technology of your interest in Cloud computing and write a technical review on it. You need to:
- Discuss the concept, definition and features of the chosen cloud security technology.
- Investigate how the chosen technology has been used for Cloud computing including issues and challenges
- Review existing systems or current solutions of the chosen Cloud security technology, and give more technical details in terms of feature, design, implementation, limitation, etc.
Summarize the state-of-the-art for the work investigated and discuss the trend and technical development.
The concept of cloud computing examined in the present context of cloud computing assignment can be defined as the available databases for users over the internet. With the help of cloud computing, people can access data storage, system resources flawlessly over the internet. However, some significant issues are privileged in the case of cloud computing. SaaS, PaaS and IaaS, all of these are severe to the breaching of data and other data loss-oriented issues that need to be addressed appropriately by implementing security measures within a system. In the case of SaaS, data theft and lack of visibility are the significant issues privileged in the system. In this regard, Amazon Web Services is considered a security technique that can help to anticipate the risks in Cloud computing (Wittig, Wittig & Whaley, 2018). The forthcoming discussion is entirely based on the issues and AWS concept in preventing or anticipating the challenges.
Concept, definition and features of AWS
AWS is a security technique launched by Amazon that provides data protection services that include encryption keys, threat detective monitors (Mukherjee, 2019). Thus, AWS is of utmost crucial and significant to protect workload, account or any other personal information of a person or an organisation. The services of AWS allow people to manage resources, identities and others.
With the help of AWS, an organisation can manage its private database securely. The network architecture of AWS technology allows organisations to improve and secure the core security meeting and compliance requirements. Alongside this, the services of AWS provide comprehensive service to companies to secure data integrity, confidentiality, and protection. The security pillars of AWS secure the infrastructure as the concern regarding data breaching over the internet rises tremendously. AWS services include physical infrastructure, networking protection aspects, software security and others. An organisation can easily manage FedRAMP, DoD, CJIS and others by using the predominant architecture of AWS. Three main concepts and mainly included in the AWS are Data encryption, Security of network and IAM.
Features of AWS
AWS is a fully-featured loaded security service that helps organisations encrypt systems to prevent any data breaching from the systems.
- Provisioning: This is the foremost feature of AWS as it helps companies use the predefined cloud stacks, and it also simplifies the on-demand provisioning of specific data. The integration and automation created by AWS significantly help people to access stand-up applications quickly and flawlessly. Alongside this, an organisation can also easily pre-test a self-service portal's security by implementing an AWS system.
- Continuity management and patch: With the AWS management system's help, an organisation can easily manage and backup it's confidential information using the proper encryption keys (Amazon, 2021b). Also, the patch up feasibility helps to provide more security to a system by incorporating current resources. A company can easily and quickly apply security patches that promote the security level of automated backups and stacks.
Difference between IaaS, PaaS and SaaS
IaaS is known as the Infrastructure As A Service. Its primary function is to deliver computing infrastructure as per the demands of the various companies. It is mainly one of the most critical and fundamental cloud service model servers storage network operating system (GeeksforGeeks, 2020).This system is enriched with dynamic scaling and various resources, and it mainly offers them as a service. Normally, it helps to introduce various users on a single hardware base.
PaaS is known as a Platform As A Service, which is a cloud-based delivery model for the application. It is the model for the third party managed application composed services. It is enriched with the elastic scaling of the applications that permits the developers in order to make the services and the application on internet service (GeeksforGeeks, 2020). However, its deployment mainly incorporates hybrid, private and public credentials.
SaaS is popularly known as Software As A Service. It mainly helps to run a pre-existing online application, and also it is mainly incorporated as a hosting service that is accessed on rephrased output (GeeksforGeeks, 2020). During this, associated data are mainly presented in a centrally hosted manner, which can be used or accessed by the clients over the internet and web-based services. Key differences:
It is mainly used for network architects.
It is used by developers mainly.
It is mainly used by the end-users.
Provides access to various resources, which includes virtual storage and virtual machines.
Provides access for the development and deployment of tools for application.
Provides access to the end-users.
It demands technical knowledge.
It demands technical knowledge to understand the basic set up process.
It does not demand any technical knowledge; the associated organisation take care of things.
It is mainly famous among researchers and developers.
Developers who are mainly associated with the apps and scripts development prefer to use this.
Consumers and company are mainly used for mainly networking and email.
Sun, Amazon web services, Vcloud express
Google search engine and Facebook
Google and Facebook apps, web and M.S office.
Private cloud, AWS virtual
IBM cloud analysis
Use of AWS for anticipating cloud computing issues and challenges
Security infrastructure of AWS
The configuration regarding safeguarding a system requires encryption of software and the installation of firewalls (Amazon, 2021c). The cost of these things is very high that increase the operational cost of a company. As compared to this, the AWS system is inherently advantageous in terms of privacy and network access. AWS does not include any extra costs as a company or an individual only pay the money for the actual resources, and AWS allows access to the inbuilt features.
Logging tools of AWS
AWS allows consumers to seek a deep insight into the network of cloud computing (Soltys,2020). It offers the detection of issues that can affect business operations significantly. Some significant tools included in the AWS services are Amazon Guard Duty, CloudTrail and so on.
Access control and governance
User accounts and permitted to access a specific database can be easily managed by a customer of AWS. Alongside this, the multi-factor authentication of AWS services is very crucial that can protect a system from any harmful cyber-attack (Digitalguardian, 2021).
Amazon merged with several companies that offer various tools and products to consumers. An individual can easily manage the security compliances by using the requirements and regulations like ISO 9001/27001, GDPR, and others (Woolf, 2018). Not only that, but also AWS offers various reporting tools with the help of which a customer can monitor and seek a deep insight into the data compliance in accordance with regulations. However, it can be argued that a customer needs to comply with the existing cloud computing norms and regulations to use them appropriately and safeguard the system's security.
Implementation, design and limitations of AWS
AWS services are based on a crucial approach that is named SbD, which stands for Security by Design. The baselines of security, controls in terms of audit, the safeguard of a system are fundamental aspects included in the AWS' SbD approach. The SbD is based on four phases that help customers to secure an existing system. Phase 1 of SbD includes the outline of the policies, documents of control, and the security norms that need to be applied over a system in order to protect it against vulnerable security issues. Phase 2 of SbD includes the encryption keys, security measures for unauthorised access to a specific database, and configuration options. Phase 3 of SbD includes the template of a catalogue of rules and regulations that need to be applied to a system in order to protect the cloud network (Amazon, 2021a). Along with that, validation activities are included in phase 4 of SbD that helps consumers to build an audit-ready environment that is of utmost crucial to monitor privileged issues over cloud computing systems.
However, AWS services include some significant drawbacks for using AWS services; the IT team of a company should have excellent knowledge as the features and operations of AWS are not so easy. Everyone in a company needs to be aware of the aspect of AWS services in order to operate them appropriately (DataFlair, 2021). Moreover, some significant disadvantages of AWS services are the fee of the technical support team, the limitations of the service and the limitations of Amazon EC2 (Amazon, 2018).
The AWS CLI mainly stores sensitive and vital information with the help of 'aws configure' and a file name of 'credentials', which is situated in a folder named with ‘.aws’ in the home directory (Amazon, 2021d). In the case of less sensitive data, the user can specify it with all ‘aws configure’ and saved it in the '.aws' folder at the local directory by the name of 'config'. However, the user can keep all of the personal profile settings in one file so that AWS CLI can easily access the necessary credentials from the file of ‘config’ (Amazon, 2021d). These files are also accessed by some other language software development kits or SDKs. If the user uses any of the SDKs and the AWS CLI, then the necessary credentials must be stored in the original file. The home directory location is variable along with the operating systems, but it can be advised to use various environment variables like '%UserProfile%’ and others in windows. However, the user can also specify a non-default location in nature for the ‘config’ file by applying the necessary settings in the ‘AWS_CONFIG_FILE’ along with the various environment variables in the other local path (Amazon, 2021d).
The other alternatives of the AWS system are Amazon Web Services, Google Cloud, Microsoft Azure, Oracle Cloud, Alibaba Cloud, IBM Cloud and others (Cloudhealthtech, 2021).
Advantages and disadvantages of AWS
Advantages of AWS:
1. Easy to use: It is a very organised system along with good setups for which new applicant, as well as old applicants, also can use it very quickly and conveniently. It happens due to the AWS Management Console or the well-documented web system (DataFlair, 2021).
2. Without any limit in the capacity: Organisations often launch big projects for which they need ample space, and AWS provides that with ease. It can provide a considerable space at a nominal cost as per comfortability (DataFlair, 2021). However, if anyone wants to retain the old storage, then they can by paying the nominal charges. In this system, the organisations have to pay for their space usage without any limits and with a nominal price tag.
3. Speed and agility: This system works at lightning speed; the user can select the options as per their requirements and can proceed on that (DataFlair, 2021). After that, almost within a minute, it will do the job with perfection. With the help of this, anyone can quickly do their jobs, along with that, they can also use other tools like Auto Scaling and others.
4. Reliable and secure service: With the help of AWS data centres, the system stores data securely and protects private data from any theft or breaching (DataFlair, 2021). It can store a massive amount of data with the help of scaling procedure and AWS cloud usage, and through this, it provides top-notch security services.
1. Security limitation: Due to security reasons and to provide a secure service, some of the features of the AWS system are locked and cannot be changed at any instance (DataFlair, 2021). They are EC-2 classic and EC2-VPC. They are locked to enhance the security margin.
2. Technical support charges: AWS system has a charge for any immediate support (DataFlair, 2021). However, the user can choose from the packages like the developer, enterprise and business.
3. Cloud computing issues: AWS system has some temporary cloud computing issues, which mainly occur when the user moves to a specific cloud system, such as downtime, back up protection and limited control (DataFlair, 2021). However, this is a very nominal issue that can be mitigated after some time.
4. Limitations: AWS has specific limitations which mainly differ from region to region. The resources like images, snapshots, volumes have this kind of limitations. However, it also provides limited information on the specific resources controlled by Amazon EC2 and other services (DataFlair, 2021).
As per the above discussion, it can be concluded that AWS has become a crucial security measure that can be taken into account by companies in order to protect the confidentiality, privacy of a system. Numerous features and low-cost service can help people to manage a specific database properly. The scalability, monitoring and security of a system can be improved to a greater extent by incorporating AWS in the cloud. However, it can be argued that AWS also includes manor disadvantages that need to be encountered by a customer to use the service effectively. The Security issues nowadays are rising tremendously; that is why AWS is of utmost essential to mitigate the issues that can prevent the harmful effect of data leakage on the brand value or personal image.
Amazon, E. C. (2018). Amazon ec2. línea]. Available: https://aws. amazon. com/es/ec2.
Amazon. (2021a). Security by Design - Amazon Web Services (AWS). Retrieved 27 February 2021, from https://aws.amazon.com/compliance/security-by-design/ Amazon. (2021b). AWS Managed Services Features. Retrieved 27 February 2021, from https://aws.amazon.com/managed-services/features/
Amazon. (2021c). Cloud Security – Amazon Web Services (AWS). Retrieved 27 February 2021, from https://aws.amazon.com/security/
Amazon. (2021d). AWS Command Line Interface. Configuration and credential file settings.
Retrieved 10 March 2021, from https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
Cloudhealthtech. (2021). What Do AWS Alternatives Have to Offer That AWS Can’t Provide Itself?. Retrieved 10 March 2021, from https://www.cloudhealthtech.com/blog/aws-alternatives
DataFlair. (2021). AWS Advantages & Disadvantages | Advantages of Cloud Computing. Retrieved 27 February 2021, from https://data-flair.training/blogs/aws-advantages/DataFlair
. (2021). AWS Advantages & Disadvantages | Advantages of Cloud Computing . Retrieved 10 March 2021, from https://data-flair.training/blogs/aws-advantages/
Digital guardian. (2021). What is AWS Security?. Retrieved 27 February 2021, from https://digitalguardian.com/blog/what-aws-security
GeeksforGeeks. (2020). Difference between IAAS, PAAS and SAAS. Retrieved 10 March 2021, from https://www.geeksforgeeks.org/difference-between-iaas-paas-and-saas/
Mukherjee, S. (2019). Benefits of AWS in Modern Cloud. Available at SSRN 3415956.
Soltys, M. (2020). Cybersecurity in the AWS Cloud. arXiv preprint arXiv:2003.12905.
Wittig, M., Wittig, A., & Whaley, B. (2018). Amazon web services in action. Manning,.
Woolf, C. (2018). All AWS Services GDPR Ready. AWS Security Blog. h ps://aws. amazon. com/blogs/security/all-AWS services-gdpr-ready.