Explain principles of the Security Pillar.
The security pillar consists of the ability to protect data, systems, and assets in order to take advantage of the cloud technologies in order to improve the security. There are seven principles of the security pillar in the cloud, namely, implement a strong identity foundation, enable traceability, apply security at all layers, automate security best practices, protect data in transit and at rest, and prepare for security events.
Implement a strong identity foundation: For each contact with your AWS resources, implement the least privilege principle, enforce separation of roles, and get the necessary authorization. To reduce dependency on persistent static credentials, centralize identity management.
Enable traceability: This principle deals with monitoring, alerts, and audit actions to be taken based on the changes to the environment in real-time.
Apply security at all layers: Here, the defense in depth approach is applied having multiple security controls and applied to all the layers.
Automate security best practices: This deals with automating the software based security mechanisms in order to improve the ability to securely scale and make it cost effective.
Protect data in transit and at rest: Using various techniques such as encryption, tokenization, and access control wherever possible and required.
Keep people away from data: Enabling mechanisms and tools to reduce or eliminate direct access to data which helps in reducing the risk of mishandling data and human error.
Prepare for security events: Running incident response simulations with automation to increase speed for detection, investigation, and recovery.
Explain principles of the Reliability Pillar.
The reliability pillar has the ability to create a workload in order to perform the function correctly and consistently when it is expected to. The design principles of the reliability pillar are automatically recover from failure, test recovery procedures, scale horizontally to increase aggregate workload availability, stop guessing capacity, and manage change in automation, which are further explained below.
Automatically recover from failure: This principle deals with monitoring the key performance indicators which is triggered when the security is breached and allows for an automatic notification and tracking of failures with automation to anticipate and remediate failures before they occur.
Test Recovery procedures: Testing is conducted to prove the workload, and this principle exposes the failure pathways that can be tested and fixed before a real time scenario occurs which would thus help to reduce the risks.
Scale horizontally to increase aggregate workload availability: The principle deals with replacing large resources with multiple small resources in order to reduce the impact of the failure on the workload.
Stop guessing capacity: One of the causes of failures in the on-premises workloads is the resource saturation, where the demands exceed the capacity of the workload. Thus, in cloud one can monitor the demand and the workload utilization to automate the addition or removal of resources.
Manage change in automation: Any changes to the infrastructure that needs to be made based on the automation and any changes that needs to be managed should include changes to the automation which can then be tracked and reviewed.
Explain principles of the Performance Efficiency Pillar.
The performance efficiency pillar majorly focuses on efficient use of the resources to meet the requirements and how the efficiency can be maintained based on the demand changes and the technologies that evolve. The principles of the performance efficiency pillar are democratize advanced technologies, go global in minutes, use serverless architectures, experiment more often, and consider mechanical sympathy.
Democratize advanced technologies: This is basically making advanced technologies implementation easier by delegating the complex tasks to the cloud.
Go global in minutes: Deploying the workload in various regions of AWS around the world which will allow to provide lower latency and better experience.
Use serverless architectures: This principle deals with serverless architectures in order to remove the need to run and maintain physical servers for the traditional compute activities.
Experiment more often: With the various virtual and automatable resources one can quickly carry out testing using the different types of instances, storages, or configurations.
Consider mechanical sympathy: The principle deals with the usage of technology approach that could better align with the goals.
References:
Design principles - AWS Well-Architected Framework. (n.d.). https://docs.aws.amazon.com/wellarchitected/latest/framework/sec-design.html
Design principles - Reliability Pillar. (n.d.). https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/design-principles.html
Design principles - Performance Efficiency Pillar. (n.d.). https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/design-principles.html
Commenti