Using AWS, you will gain the control and confidence you need to securely run your business with the most flexible and secure cloud computing environment available today. As an AWS customer, you will benefit from AWS data centers and a network architected to protect your information, identities, applications, and devices. With AWS, you can improve your ability to meet core security and compliance requirements, such as data locality, protection, and confidentiality with our comprehensive services and features.
AWS allows you to automate manual security tasks so you can shift your focus to scaling and innovating your business. Plus, you pay only for the services that you use. All customers benefit from AWS being the only commercial cloud that has had its service offerings and associated supply chain vetted and accepted as secure enough for top-secret workloads.
Telenutrition has approached Beyon Solutions to host their website on Amazon Web Services. One of their main concerns was the security of the environment and the controls in place to protect their data. Because the site will hold a large amount of customers' personal information, Telenutrition needs that data protected and encrypted both at rest and in transit.
To meet Telenutrition's requirements and concerns, Beyon Solutions has implemented the following AWS services and features.
Protect Data in Transit
Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).
Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.
Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.
Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.
Security at Rest
AWS Key Management Service (AWS KMS): AWS KMS is used to encrypt data across AWS workloads, digitally sign data, and encrypt within applications using the AWS Encryption SDK.
AWS KMS will protect Telenutrition's data at rest in EC2 and S3 through server-side encryption with KMS keys that Telenutrition controls and manages; Telenutrition will also be able to encrypt and decrypt its own data directly with an AWS KMS key.
Telenutrition has the option to use an AWS-managed customer master key (CMK) or to manage its own keys in AWS KMS and set their policies, including key rotation and access.
Security Exploits Prevention
Once the application is up and running, common security exploits (e.g. the OWASP Top Ten) can be used to degrade its performance, compromise its functionality, or destroy data. Untrusted network traffic, distributed denial of service (DDoS) attacks, and other common web application exploits should be blocked before they reach the application layer.
Beyon Solutions has implemented the following AWS services to help prevent and mitigate attacks on Telenutrition's AWS infrastructure before they reach the back-end servers:
AWS Shield: AWS Shield automatically scrubs malicious traffic at specific layers of the stack, protecting the application and website against DDoS attacks.
AWS WAF (Web Application Firewall): WAF will block common web exploits against the Telenutrition website, deny suspicious access to specific paths, and block attempts to pull data from admin and other critical paths.
Security Groups: A security group controls the traffic allowed to reach and leave the resources it is associated with. Beyon Solutions has collected the IP addresses of Telenutrition's administrators and allows management access (SSH, RDP and the database port) only from those addresses. All other inbound ports are closed to the Internet, leaving only HTTP and HTTPS open. This prevents an attacker from fingerprinting the running application through an open but unused port and using it to harm the environment.
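As an added example (not Beyon Solutions' or AWS's own code), the Python check below audits a security group's inbound rules against the policy just described: only HTTP and HTTPS may face the Internet, and SSH, RDP and the database port may be reachable only from the admin addresses. The rule list follows the IpPermissions shape returned by the EC2 DescribeSecurityGroups API; the admin range, the MySQL port and the sample rules are constructed assumptions.

```python
from ipaddress import ip_network

# Policy from the text: only 80/443 may be open to the world; admin ports only
# from approved admin addresses. ADMIN_CIDRS is a constructed sample range and
# 3306 (MySQL) is an assumption for "the database port".
PUBLIC_OK = {(80, 80), (443, 443)}
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL"}
ADMIN_CIDRS = ["203.0.113.0/24"]

def port_range(rule):
    """Inclusive port range a rule covers; protocol "-1" means all ports."""
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]

def from_admin(cidr):
    """True when the source CIDR lies entirely inside an approved admin range."""
    net = ip_network(cidr, strict=False)
    return any(net.subnet_of(ip_network(a)) for a in ADMIN_CIDRS)

def audit_rules(ip_permissions):
    """Return findings for inbound rules (EC2 IpPermissions shape); [] means compliant."""
    findings = []
    for rule in ip_permissions:
        lo, hi = port_range(rule)
        hits = [f"{n} ({p})" for p, n in ADMIN_PORTS.items() if lo <= p <= hi]
        for src in rule.get("IpRanges", []):        # IPv4 sources only
            cidr = src["CidrIp"]
            if hits and not from_admin(cidr):
                findings.append(f"{'/'.join(hits)} open to {cidr}")
            elif ip_network(cidr, strict=False).prefixlen == 0 and (lo, hi) not in PUBLIC_OK:
                findings.append(f"ports {lo}-{hi} open to the world")
    return findings

# Constructed sample: HTTPS to the world and SSH from admins are fine;
# RDP to the world and MySQL from a non-admin address are violations.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES) or ["compliant"]:
        print(finding)
```

The same function can be run over the live IpPermissions of each group returned by DescribeSecurityGroups to catch drift after the initial setup.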