Best Security Practices, Well-Architected Framework



 

Understanding good practices is essential to doing a job well, and it is even more important when we talk about security. Protecting our data and creating high-performing architectures is an essential task.


Today we are going to look at the second pillar of the Well-Architected Framework, the security pillar. Basically, this pillar tells us how to take advantage of cloud computing technologies to protect our data, our systems and all the assets we have on our platform, using the different tools that the cloud puts at our disposal and following good practices.



Why is security important in our architecture?


Above all, security is priority number one, number two and number three. It is important if we want to gain the trust of our clients, who can be internal or external.


Internal clients can be parts of the organization that are supported by the services the company manages. External clients are those that consume the services the organization provides. The organization does not necessarily have to provide services through a page or an application; it can also provide other types of services that are supported by systems it has deployed in the cloud.


Another very important point is the legal requirements or regulations that we as an organization must comply with. We must have the appropriate controls and an appropriate architecture design to comply with those regulations.



Design principles on which the security pillar is based

  1. Implement a solid security foundation with a strong identity foundation. Apply the concepts of segregation of tasks with automation, and centralize the administration of our users' identities.

  2. Enable traceability. We must monitor and audit the actions and the changes in our environments in real time; in this way we collect records of the changes that have been made through the different services.

  3. Apply security at all levels. We have to defend ourselves everywhere. Security is not simply a final barrier; it must be applied throughout and thought of in depth.

  4. Automate recommended practices. The idea is to create architectures that are scalable, secure and, as far as possible, traceable.

  5. Protect our data in transit. This basically means classifying the information into different levels of sensitivity, using mechanisms to protect and encrypt it, and having good access control.

  6. Keep people at a distance from data. We are used to creating our infrastructures and making information available to everyone, but when you have sensitive data it is not good to be so flexible with access to information. Mechanisms and tools need to be implemented that distance people from having to access data, in order to eliminate any risk of data leakage.

  7. Prepare for security events. Basically, prepare for the worst, for anything that might happen. When you create an application or a platform, you think about the value it is going to give to the client, but you never think about what happens if someone hacks it, if the application breaks or if it has a security problem. To prepare, teams can run simulations of how they respond to incidents and of how to prepare the infrastructure to protect itself, so that they can detect what caused the problem, investigate it and recover.


This is the reason why security is one of the main concerns of a company when deciding to move part or all of its computing and data management resources to cloud computing services.

With cloud security you can protect the integrity of cloud-based applications, data, and virtual infrastructure, because attackers can exploit security vulnerabilities, using stolen credentials or compromised applications to carry out attacks, interrupt services or steal confidential data.

One of the best solutions is to automate the security of your operation, one of Teracloud's specialties.


At Teracloud we take care to understand your business, risks, and processes to help you transform, keep your data free of risk, and keep your company safe and running.


Does your company have any security vulnerabilities? Contact us!






Damian Olguin

Founder and CTO

Teracloud






 

