To secure AWS, a human touch goes a long way

Even with recent advancements around cloud automation, security and resiliency still require a human touch. Sharpen your skills to keep AWS disruption-free.

Each year, AWS not only expands its lineup of services, but also tries to make them easier to use through automation. Still, the human element in cloud is by no means obsolete or irrelevant.

While experts differ on which cloud computing skills are the most critical today and valuable for the future, IT teams still rely on human expertise to secure AWS and create resilient cloud environments.

Hone cloud-specific security skills

When you put all your workloads on a public cloud that you don't fully control, "you'd better understand the security implications related to the platform and the practices needed to keep it secure," said Antony Edwards, CTO at Eggplant, a test automation provider.

To secure AWS, IT teams require a different approach and skill set than they would for traditional infrastructure. For example, businesses often misunderstand or misconfigure security for Amazon S3 assets, said Marcus Bastian, owner of Clouductivity, a provider of third-party AWS management tools. Administrators or developers can upload files to S3 without realizing that anyone with a link can download them and, in some cases, list the contents of the bucket to download those private assets.

"Perhaps those assets contain social security numbers or other sensitive information," Bastian said.

Amazon's Virtual Private Cloud (VPC) service, which enables users to create and control their own networks, is another common option to secure AWS deployments. Networking and, again, security skills come in handy when a user wants to create a VPC, Bastian said.

"In my experience, I have seen users fuss with networking components, using trial and error until things work," he said. "In many cases, this results in valuable resources being publicly exposed to the internet, with all ports opened to the world."

This has been the culprit behind a significant number of data breaches over the past couple of years.
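
The two misconfigurations described above (S3 content that anyone can download or list, and network rules that open all ports to the world) can be checked offline from exported configuration. The sketch below is an added example, not code from the article or from AWS; the function names and sample data are constructed for illustration. It assumes the standard bucket policy JSON and the EC2 `IpPermissions` rule shape, and it does not evaluate object ACLs or Block Public Access settings.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} means any caller, including unauthenticated ones.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_s3_exposure(policy):
    """Return which of {"download", "list"} a bucket policy grants to everyone."""
    exposed = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):  # conditional grants need manual review
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            p = pattern.lower()  # IAM action names are case-insensitive
            if fnmatchcase("s3:getobject", p):
                exposed.add("download")
            if fnmatchcase("s3:listbucket", p):
                exposed.add("list")
    return exposed

def world_open_rules(ip_permissions):
    """Return inbound rules that admit any address on all ports."""
    findings = []
    for rule in ip_permissions:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        from_world = [c for c in cidrs if c in ("0.0.0.0/0", "::/0")]
        all_ports = rule.get("IpProtocol") == "-1" or (
            rule.get("FromPort") == 0 and rule.get("ToPort") == 65535)
        if from_world and all_ports:
            findings.append((rule.get("IpProtocol"), from_world))
    return findings

# Constructed sample inputs (not from the article).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:List*",
     "Resource": "arn:aws:s3:::example-bucket"},
]}
SAMPLE_RULES = [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
```

On the sample data, the policy is flagged for both anonymous download and anonymous listing, and only the all-protocol rule is reported; the HTTPS-only rule is not.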

While a move to the cloud generally reduces the need for many of the classic and specialized IT roles, security analyst is one prominent exception, said Andy Stone, senior product manager at Sungard Availability Services, a provider of IT recovery services. Even as the industry moves toward DevSecOps, it's still vital to have personnel that focus purely on how to secure AWS, or other cloud environments you use.

"The security landscape is rapidly changing, and it often takes a dedicated professional to protect against evolving threats," he said.

The human factor in resiliency

Just as human judgment goes a long way to properly secure AWS, it's of similar value for resiliency and disaster recovery (DR). Generally, organizations lack the necessary skills to take their on-premises DR capabilities into the cloud or to create a direct connection from local infrastructure to AWS, said David Logsdon, a solution architect at Crunch Data, an analytics system integrator. It's a complicated process to move from one region to another, and it often requires specialty disaster recovery expertise, he said.

Finally, many organizations still need human knowledge to piece together complex systems. Outages aren't always binary, so when there is degradation, many factors are still in play, said Matt Stratton, DevOps evangelist at PagerDuty, an operations management platform. In other words, you need a specialist on hand to correctly diagnose and avoid more infrastructure disruption when an outage occurs.

"This proves that [the importance of] human reasoning and creativity, as well as experience and knowledge of integral business components, cannot be underestimated," he said.
