7 Design Principles of (not only) Cloud Security


Whether you build your workloads in the cloud or on-premises, a number of principles can help you strengthen your workload security. Let's check them out:

  1. Implement a strong identity foundation
  2. Enable traceability
  3. Apply security at all layers
  4. Automate security best practices
  5. Protect data in transit and at rest
  6. Keep people away from data
  7. Prepare for security events

1. Implement a strong identity foundation:

Implement the principle of least privilege and separation of duties with appropriate authorization for each interaction with your resources.

Centralize identity management and aim to eliminate reliance on long-term static credentials.

2. Enable traceability:

Monitor, alert, and audit actions and changes to your environment in real time.

Integrate log and metric collection with systems to automatically investigate and take action.

3. Apply security at all layers:

Apply a defense-in-depth approach, with multiple security controls at all layers.

For example: Edge of network, subnets, load balancing, every instance and compute service, operating system, application, and code.

4. Automate security best practices:

Automated security mechanisms improve your ability to scale more rapidly and cost-effectively.

Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.

5. Protect data in transit and at rest:

Classify your data into sensitivity levels. Define and use appropriate encryption, tokenization, and access control mechanisms for each individual sensitivity level.

6. Keep people away from data:

Use mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data.

This reduces the risk of mishandling, accidental leakage, modification, and human error when handling sensitive data.

7. Prepare for security events:

Prepare for incidents by creating incident management processes that align with your organizational requirements.

Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.


Want to learn more about these principles and how you can apply them in practice?

Check out the Security Pillar of the AWS Well-Architected Framework.



Dennis Traub

Developer Advocate at AWS | Coder & Solutions Architect | Cloud Expert with 30 Years in Tech
