Enterprises moving workloads into public cloud are finding that the old security playbook doesn’t transfer cleanly. The controls still matter, but now they have to work in an environment where infrastructure is built through APIs, workloads span dozens of accounts and VPCs, and configurations change several times a day. This article walks through security patterns that hold up in practice for enterprises running on AWS: account separation, network segmentation, identity and access management, centralized logging, configuration monitoring, and recurring assessment with open-source tools like Scout2, Prowler, Security Monkey, and Cloud Custodian. It also spends real time on what these tools cannot do. Service-to-service authentication, inspection of encrypted east-west traffic, container runtime monitoring, and governance across large account fleets are all still hard, and designs that pretend otherwise end up weaker than designs that admit it.
@artical{s6122017ijcatr06121013,
Title = "Defense in Depth for Enterprise Public Cloud Workloads",
Journal ="International Journal of Computer Applications Technology and Research (IJCATR)",
Volume = "6",
Issue ="12",
Pages ="562 - 566",
Year = "2017",
Authors ="Saurabh Srivastava"}