What are the triad goals of AWS cyber security?

The triad goals of cyber security, including in AWS, are Confidentiality (protecting data from unauthorised access), Integrity (ensuring data is accurate and unaltered), and Availability (ensuring systems and data are accessible when needed). AWS provides services and features to support all three pillars.

How does AWS ensure data confidentiality?

AWS ensures confidentiality through encryption at rest (using KMS) and in transit (using TLS), IAM access policies to restrict who can access resources, VPC network isolation, and security groups. Services like AWS Secrets Manager and CloudHSM provide additional protection for sensitive credentials.

What AWS services support data integrity?

AWS supports data integrity through services like CloudTrail (audit logging), AWS Config (configuration compliance monitoring), S3 object versioning and MFA Delete, and checksums for data transfers. These services help detect and prevent unauthorised modifications to data.

How does AWS ensure high availability for its services?

AWS ensures availability through its global infrastructure with multiple Availability Zones and Regions, Auto Scaling, Elastic Load Balancing, multi-AZ database deployments, and CloudFront CDN. Services like Route 53 provide health checking and failover to maintain uptime during outages.

The Triad Goals of AWS Cyber Security -

July 17, 2020 / Nirav Shah

Have you thought about what following points mean in AWS and cybersecurity in general?

CIA
AAA
Non-repudiation

If you are working as a security consultant that you must be aware of topics like these, but if not, don’t worry we will explain to you in details.

What is the CIA?

It is Confidentiality, Integrity and Availability. Sometimes these three points can be referred to as “The Triad”.

Good examples of confidentiality are things like using data encryption. So encrypting our data at rest, encrypting our data in transit, things like user IDs and passwords. Things like two-factor authentication, which we use in Identity Access Management on AWS. So confidentiality. Think of these as basic level privacy.

Integrity involves maintaining consistency, accuracy and trustworthiness of data over its entire life cycle.

Example

Checksum, when you download a piece of software, there will always be a Checksum next to it, and then you can essentially once you’ve downloaded it, you can check the hash of that software to the Checksum and if they match then you know that the data is correct.

And then Availability

Suppose you set up infrastructure on the cloud, what points are to be you kept in mind?

Example: You want redundancy over everything. So you want your disk to be rated,
you want high availability clusters, you want multiple availability zones, multiple regions,
and you want to design for failure as well so that you basically will have very high availability.

the-triad-goals-of-aws-cyber-security

So now let’s see how AWS can help to the above model.

In confidentiality obviously you wanna keep your data confidential, so we would use things like Identity Access Management, and Multi-Factor Authentication. It might also use things like Bucket Policies, we might use things like security groups, or access control lists within our VPC. That is all about Confidentiality.

In Availability simple and short.

Auto-scaling
Multiple Availability Zones
And we can use Route 53 with health checks, to help us detect the failure and automatic failover.

Integrity

AWS has their own SSL service now, so they’ve got Certificate Managers. So keeping your data with good integrity. And also things like inside S3. So things like Version Control, Multi-Factor Authentication when you’re trying to delete things inside S3, you can require that somebody provides an MFA token before that object is deleted.

You must read this blog “AWS shared responsibility” For more information visit Here.

Spread Love By Sharing:

Nirav Shah

Nirav Shah is the Director of Eternal Web Pvt Ltd, an AWS Advanced Consulting Partner and certified Odoo Partner based in the UK. With over a decade of experience in cloud computing, digital transformation, and ERP implementation, Nirav helps enterprises adopt the right technology to solve complex business challenges. He specialises in AWS infrastructure, Odoo ERP, and web development solutions for businesses across the UK and beyond.