Learn about the approaches to cloud-based security and governance.
- [Instructor] As we get started, it's important to consider why we're learning what we're learning. So why are AWS security and governance so important? Well, when you're able to implement these two functions, you're going to get a result that's reliable, accurate, and highly available. So your applications are going to not only be there and working properly, but also, they're going to be running, and this is very important, via a predictable cost basis.
There are some approaches to consider when we're thinking about learning and implementing security and governance on AWS. The first is What. And what I mean by that is what or which AWS services or third-party services or products are going to be a best fit for our particular needs? Who, who are the team members, who are going to be a best fit to monitor and control security and governance? I've had best success in working with finance or DevOps team members or actually consultants when you first start.
And something that I have seen really go the wrong way frequently is when security and governance is left to the developers, who most commonly don't have a huge interest in these two areas, yet is implemented in completely or sometimes not at all. So I know there's exceptions to the rule, and there are developers that are very proficient at implementing security and governance, but I just find that it's a different interest from different groups. And I think it's important to work with team members, who are interested in this, rather than feeling put upon from the beginning.
Also, When is an important consideration. Security and governance implementations should be baked in from the start of your applications running on the Amazon Cloud. I like to use Just-In-Time or Just-Enough approaches. And what I mean by that is matching the business requirements to the particular security and governance implementations at the time and for the maturity level and for the user basis of the particular applications.
- Security and governance approaches
- Service cost predictability
- Protecting data in-flight and at-rest
- IAM best practices
- Security via AWS Inspector, AWS Trusted Advisor, and AWS KMS
- Console tools for cost control
- Total service costs for AWS
- Using the AWS billing dashboard
- Third-party security and governance tools
- Approaches to security and cost control