Keep up-to-date with security recommendations

PostedNovember 27, 2024

UpdatedMarch 21, 2025

ByKevin McCaffrey

Maintaining an up-to-date understanding of security recommendations from AWS and the wider industry is crucial for effectively managing the security posture of your workload. Evolving your security practices in response to new threats and best practices ensures that your systems remain secure and compliant.

Best Practices

Regularly Review AWS Security Bulletins

Subscribe to AWS Security Bulletins to receive timely updates on vulnerabilities, patches, and security best practices.
Develop a routine for reviewing these bulletins as part of your operational processes to ensure that critical updates are not missed.
Assess the relevance of each bulletin to your workloads; prioritize applying patches and updates based on your risk assessment.

Monitor Industry Security Trends

Follow industry blogs, newsletters, and security organizations to stay informed about emerging threats and best practices.
Participate in security forums and webinars to gain insights and share experiences with peers.
Utilize threat intelligence services to enhance your understanding of the threat landscape relevant to your workloads.

Implement Automation for Security Updates

Use Infrastructure as Code (IaC) tools to automate the deployment of security patches and updates to your resources.
Implement Continuous Integration/Continuous Deployment (CI/CD) practices that include automated security checks for new deployments.
Schedule regular maintenance windows to apply updates in a controlled manner, minimizing downtime and potential disruptions.

Conduct Regular Security Assessments

Schedule regular security assessments and penetration testing to identify vulnerabilities in your workloads.
Utilize automated security assessment tools to continuously scan for vulnerabilities and compliance with security recommendations.
Use results from these assessments to update your threat model and security controls proactively.

Educate and Train Your Team

Provide regular security training sessions for your teams to ensure they are aware of the latest threats and security practices.
Encourage a culture of security awareness, where team members continuously share knowledge about security incidents and solutions.
Incorporate security as a key topic in onboarding processes for new team members.

Questions to ask your team

How frequently do you review the latest AWS Security Bulletins?
What processes are in place to ensure that security recommendations are incorporated into your workload?
How do you evaluate and prioritize new security recommendations from AWS and industry sources?
Who is responsible for monitoring updates related to security best practices?
Can you describe a recent security update you implemented based on AWS recommendations?

Who should be doing this?

Security Analyst

Monitor AWS Security Bulletins for updates and recommendations.
Evaluate and assess the impact of security updates on existing workloads.
Implement necessary changes in response to security advisories.
Create and distribute reports on security posture improvements.
Collaborate with teams to integrate security recommendations into operational practices.

DevOps Engineer

Automate the deployment of security patches and updates.
Integrate security scanning tools in CI/CD pipelines.
Ensure infrastructure as code mirrors the latest security best practices.
Conduct regular reviews of security controls and incident response processes.
Collaborate with security teams to validate security controls.

Compliance Officer

Stay informed about relevant industry security standards and compliance requirements.
Ensure that practices align with AWS and industry security recommendations.
Perform regular audits of security practices and recommend improvements.
Document security processes and changes to maintain compliance.
Coordinate training for team members on current security protocols.

Information Security Manager

Oversee the security strategy for workloads and ensure alignment with best practices.
Facilitate communication between teams regarding security updates and recommendations.
Lead initiatives to enhance the overall security posture of workloads.
Review and approve security policies and procedures.
Act as a liaison between the organization and external security resources.

What evidence shows this is happening in your organization?

Security Recommendations Dashboard: A dashboard that aggregates and displays current AWS security bulletins, industry security news, and recommended best practices for cloud workload security. This tool helps teams stay informed and make timely updates to their security posture.
Security Best Practices Checklist: A comprehensive checklist that outlines best practices for securing workloads, including regular updates on AWS security recommendations. This document serves as a guide for security teams to ensure all aspects of security are addressed regularly.
Incident Response Playbook: A playbook detailing the steps to respond to security incidents, integrating AWS security recommendations and threat intelligence updates. It ensures that response teams are prepared and aligned with the latest security practices.
Threat Intelligence Report Template: A template for compiling threat intelligence reports that include AWS security bulletins and industry trends. This report assists in evolving the organization’s threat model and adapting security controls accordingly.
Security Training Guide: A training guide designed for staff to keep them informed about AWS security recommendations and how to implement them effectively in their daily operations. This document fosters a culture of security awareness within the organization.

Cloud Services

AWS

AWS Security Hub: AWS Security Hub aggregates security findings from across your AWS accounts, helping you stay updated on your security posture with actionable insights.
AWS CloudTrail: AWS CloudTrail enables governance, compliance, and operational and risk auditing of your AWS account by providing event history for your AWS account activity.
AWS Config: AWS Config provides AWS resource inventory, configuration history, and configuration change notifications to enable security and compliance auditing.
Amazon GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to help you protect your AWS accounts.
AWS Systems Manager: AWS Systems Manager provides operational data from multiple AWS services in a single interface, allowing you to automate tasks and maintain security compliance.

Azure

Azure Security Center: Azure Security Center helps you prevent, detect, and respond to threats with advanced security features and security recommendations.
Azure Monitor: Azure Monitor collects, analyzes, and acts on telemetry from your cloud and on-premises environments to enhance security and performance.

Google Cloud Platform

Google Cloud Security Command Center: Google Cloud Security Command Center allows you to prevent, detect, and respond to threats across your cloud services with a centralized dashboard.
Google Cloud Armor: Google Cloud Armor provides DDoS protection and a web application firewall that helps secure applications from common threats and vulnerabilities.

Question: How do you securely operate your workload?
Pillar: Security (Code: SEC)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals