Understanding Attacks on Cloud Environments – SCS-C02 Study Guide

With an outline of what you are responsible for from an AWS customer perspective and a refresher of the baseline services that will be discussed throughout the different scenarios in your journey, this first section will conclude with an examination of some of the top risks that your cloud environment can be exposed to.

Although this topic is not explicitly one of the domains tested on the Certified Security Specialty exam, these scenarios may be presented to you as questions on the exam itself.

Furthermore, understanding the different techniques that bad actors can use to evade the basic security measures placed on your account, as well as the mitigation techniques used to stop and prevent them, is helpful in your day-to-day responsibilities as a cloud security engineer.

The following topics will be covered in this chapter:

  • Understanding the top cloud-native attacks on infrastructure
  • Understanding the top cloud-native attacks on software
  • Distributed Denial of Service (DDoS) protection
  • Strengthening your cloud security posture
  • AWS services that can be used to combat attacks

Technical Requirements

Successful completion of this chapter will require a basic understanding of AWS services and networking concepts.

Understanding the Top Cloud-Native Attacks on Infrastructure

The more customizable your service or platform, the more responsibilities you hold as the customer and, therefore, the more time and effort you need to both plan your security strategy and assess the attacks to which you are susceptible. These attacks can come from different angles and different points of entry. Understanding security best practice guidelines helps, but as you will see in this chapter, grasping the mitigation techniques for some specific known attacks can ensure more comprehensive protection for your cloud environment.

If you do succumb to an attack, it might take your business, or a line of business, down for any length of time. Having the means to restore your systems in a timely fashion is the subject of the first vulnerability that you will learn about.

Business Continuity and Resilience

Business continuity and resilience refer to the ability of a business to continue operations when a disruptive event occurs, such as a natural disaster, a technical outage, or an attack such as ransomware. Having a plan in place to mitigate these risks is imperative. When your business is inoperable, it is not generating any revenue, and any business that generates no revenue but still has expenses, such as vendors (think AWS, software vendors, and the like), staff, and others, will at some point run out of funds.

In the next section, Mitigation for Business Continuity and Resilience, you will see how you can put a plan in place to continue operations if there are natural disasters, technical outages, or attacks.