The Infiniti Team will not have access to any customer data. AWS provides a variety of tools and features to keep your account and resources safe from unauthorized use. This includes credentials for access control, HTTPS endpoints for encrypted data transmission, the creation of separate IAM user accounts, user activity logging for security monitoring, and Trusted Advisor security checks.
Managing security in the cloud is much like managing security in on-premises data centers, only without customers having to deal with the costs and complexities of protecting facilities and hardware. Infiniti and AWS manage the underlying infrastructure and customers secure anything they put on the infrastructure or connect to the infrastructure. This shared responsibility model allows customers to manage many familiar areas of their security while also reaping the benefits of the AWS Cloud’s extensive security features.
There are several similarities between managing security in the AWS Cloud and in on-premises data centers.
- Most of the security tools and techniques that customers are already familiar with can be used in the cloud.
- Customers maintain control of their guest operating system and applications and keep them updated with the latest security patches.
- Customers can set up multiple layers of additional protection, including subnets, three-tier architectures with demilitarized zones (DMZs), and hardware VPNs from their office or data center.
- If a customer has multiple users (e.g., developers, testers, administrators), they can create distinct user accounts with individualized access credentials and have the option of multi-factor authentication (MFA).
- Customers also have the option to encrypt their data automatically in the cloud or on-premises before the data is uploaded to the cloud.
There are also many differences between managing security in the AWS Cloud and on-premises data centers. Since there are no physical servers or storage devices to manage, customers use software-based security tools to remotely monitor and protect the flow of information into and out of their cloud resources. Instead of just one firewall protecting all of a customer’s networked resources, every Amazon EC2 instance, Elastic Load Balancer, and Amazon VPC contains a firewall. Customers can create a reusable, hardened baseline image of their Amazon EC2 instance by creating an Amazon Machine Image (AMI) and then automatically load that baseline image on every new instance they launch. Customers have the option to create and manage AWS Identity and Access Management (IAM) user accounts from a central portal, which provides a greater level of control and security than sharing the central AWS account credentials among different users.
In addition, network traffic between AWS Regions, Availability Zones, and individual data centers travels over private network segments by default. These private network segments are fully isolated from the public Internet and not routable externally. Our resources can be configured to reside only on isolated AWS network segments and to avoid utilizing any public IP addresses or routing over the public Internet.