Security

Safeguarding your data should include a detailed look at security countermeasures in place and bolstering your overall security wherever necessary, including but not limited to physical and internal controls, perimeter, policy and education. There are many moving parts within an organization and the National Institute of Standards and Technology’s suggested framework fits for all organizations. https://www.nist.gov/topics/cybersecurity

Good cyber hygiene and best practices need to be implemented to defend against cyberattacks. The infrastructure that you provision on AWS will not protect itself and AWS will not protect it for you either. Compliance and Security may be a shared responsibility with AWS, but protecting your data protection is a foundational pillar and of paramount importance to Cloud Daddy in protecting your data, so that it is available to you when you need it most – during a disaster.

AWS specifically calls out a “Shared Responsibility Model” in which AWS is responsible for security of the cloud, but the customer remains responsible for security in the cloud. You can read all about it here: https://aws.amazon.com/compliance/shared-responsibility-model/.What is important to note is that customers are expected to protect everything they put into AWS the same way they would if they were hosting it themselves within their data center. Among other things, you are still responsible for updating and patching operating systems – and the same goes for all of your application software, too. However, that is not all. You are also responsible for the configuration of network and firewall on all of your AWS instances. You are on the hook for encryption, authentication and security awareness and training for your staff too, no different than you are now.