Amazon Web Services (AWS) provides a variety of cloud computing platforms and services on demand to individuals, organisations and governments. This subscription-based service offers virtual computing power that can be accessed at any time as long as there is an internet connection or, in some cases, with no connectivity at all.
We all know what AWS can do, but very few know how AWS keeps security under control. Let's find out in this article!
AWS Regions, Availability Zones, Data Centres - what do they mean?
Today, AWS has left its footprint in 190 countries. The wide spread of physical locations and the extensive global cloud infrastructure enable businesses to deploy quickly, innovate regularly, scale up or down on demand and, more importantly, do all of the above in a matter of a few hours, 24/7, instead of the weeks or months it took before.
AWS Data Centres
A data centre, in essence, is a physical facility that houses all the necessary IT equipment, such as servers, storage, network systems, routers, firewalls, etc. In addition, a data centre also includes non-IT elements like electrical switching, ventilation systems, backup generators, telecommunications, etc. The number of servers in each data centre can range from 50,000 to 80,000.
As this is where all of the customers' data is stored, data centres are critical assets for everyday operations. The facility requires both human and technological protection against cyber threats, illegal intrusion and natural disasters. Its top-notch security system is discussed later in this article.
AWS Availability Zones
Each Availability Zone consists of several data centres. The main purpose of designating Availability Zones is to ensure that all of AWS's most critical components are always available, redundant and in perfect working condition.
Each zone operates independently but is connected to the others through fast, private fibre optic networking. The connection allows easy transfer between Availability Zones in the same Region.
Each AWS Region houses multiple Availability Zones (the maximum number at the moment is 6 zones in one Region, North Virginia). In addition to replicating data between Availability Zones within the same Region, clients can now choose to replicate across different locations and can leverage both public and private connectivity to guarantee their business will never be disturbed.
AWS currently has 55 Availability Zones across 18 geographic regions and is planning to add more to further expand its service offering.
Worried that the sheer volume of data could hinder your data integration? With AWS Snowball Edge, obscenely large amounts of data (up to 100TB per device) can be moved to the cloud with ease in no time.
The 4 layers of security at the AWS data centres
As mentioned above, data centres are critical assets of AWS. In order to establish reliable Availability Zones and Regions, AWS needs functioning, highly secured data centres. Have you ever wondered what would happen to these facilities if a typhoon passed through them or an earthquake occurred?
You can rest assured that even in the worst-case scenario, AWS will still remain functional without a hitch. It's all thanks to the extra precautions, extreme care and diligent planning that are put into establishing their data centres across the globe.
AWS's security strategy is made up of scalable security controls and four layers of defence.
The environmental layer
This layer deals with site selection for the data centres. AWS puts a strong emphasis on seeking greener, more eco-friendly options for operating the data centres. Their long-term commitment is to use 100% renewable energy. Since its migration from on-premise to the cloud, the amount of carbon emissions that AWS releases each year has decreased by 88%.
The perimeter layer
This layer comprises security guards, fences, threat detectors and other necessary security measures tailored specifically to each location.
This layer of security also deals with authorising or denying access and with entry monitoring. Each access must have a reason, must serve a purpose, and is reviewed by designated personnel.
Once the project is finished, the entry pass is immediately revoked. Those who frequently enter the data centres are only given entry to a specific area, and their access is routinely scrutinised, including the area access manager.
The infrastructure layer
This layer keeps the entire data centre up and running. Anything related to the data centre building, such as backup power equipment, HVAC systems and fire suppression systems, is part of this infrastructure layer.
All equipment, machines and networks must undergo routine check-ups, be properly stored and be kept in abundant supply in case of emergency. Generators are always available to power the entire facility. The redundancy in equipment, power, water, telecommunications, internet connectivity, etc. ensures the power supply is never interrupted or overheated.
The data layer
This is the only layer that holds all customers' data. Just like the other layers, access to this layer is restricted and under constant surveillance.
Any attempted threat or intrusion will automatically alert the security team and trigger the security cameras. In the unlikely event of a breach, the servers will be automatically disabled.
The third party undertakes more than 2,600 requirements per year. They also dive into security camera footage and examine the current equipment and devices to ensure they are in top-notch condition.
Part of AWS's ongoing security strategy is to test its security measures, responses and equipment using simulations that mimic real-life emergencies. Employees are frequently trained so that they'll be able to rebound quickly and accurately when the time comes.
The highly available and extremely resilient systems enable customers to achieve record recovery times and objectives, endless scalability and error-free operation, unlike traditional infrastructure.