Why the AWS Security Specialty Should Be Your Next IT Certification

With cybersecurity an increasingly vital skill in the world of cloud computing, it’s never been more important to add security certifications to your or your team’s personal knowledge base. Cloud migration is happening at a rapid pace, with Gartner predicting that by 2020, 75% of organizations will have deployed a multi-cloud or hybrid cloud model. Most organizations will have at least some portion of their workload in the cloud, and Amazon Web Services (AWS) is the leading provider of these services. As sensitive data and servers move to cloud providers like AWS, protecting your company’s cloud infrastructure can no longer be an afterthought. 

AWS is the dominant cloud computing provider, with more than double the market share of its closest competitor, Microsoft Azure. It continues to grow in popularity thanks to the wide array of products and services it offers, along with partnerships with other tech giants like VMware. Not only are organizations securing their data with cloud solutions like AWS, but many also use these same services to secure business continuity through product features like Disaster Recovery as a Service (DRAAS), which hosts disaster recovery environments in the cloud. Security for cloud computing is not only about current data, but also about how you’ll guarantee data in the future should a disaster or breach occur. 

My new course, Clear and Simple AWS Advanced Security 2020, prepares network administrators, cloud architects, software engineers, and other technical roles to use AWS security features and to pass the AWS Certified Security – Specialty certification. Since this course and the exam assumes students have existing AWS knowledge, I recommend completing the AWS Architect Associate certification before diving deeper into AWS security tools.  

In this article, I’ll explain more about the security features in AWS and the skills you’ll want to focus on to earn your certification.

Why security is a shared responsibility

A strong understanding of AWS Security will allow you and your team to create networks, data storage, virtual servers, and databases that are properly protected from unauthorized access. But it’s important to know that secured systems are considered a two-way street in AWS; both the customer and the cloud provider must take security seriously. 

AWS operates under something it calls a Shared Responsibility Model, which as the name implies, states that security and compliance are managed by both AWS, as the cloud systems provider, and you, the customer. AWS takes responsibility for the security of the cloud, which means protecting the hardware, software, networking, and physical facilities that make up the cloud infrastructure. The customer takes responsibility for security in the cloud, meaning it’s up to the customer to configure the security services AWS provides. It’s on the customer — your company — to properly implement services such as identity and access management (IAM), server-side encryption, firewalls, networking traffic protection, and more. 

So, while a platform like AWS brings countless efficiencies to an organization’s technical infrastructure, internal expertise in your organization is a necessity to ensure that services are used properly to meet your unique security needs.

The advantage of AWS for cloud security 

In a cloud computing environment, you can’t rely on the same security practices that would exist in an on-premises datacenter. AWS has a large ecosystem of security partners, including Symantec, CheckPoint, TrendMicro, and many others. These relationships allow customers to leverage some of the best security solutions on the market inside of their AWS accounts. 

The fine-grain identity and access controls — which we’ll look at in the next section — of AWS ensure that the appropriate access is granted to resources. Its robust support for automation of security tasks makes compliance and standardization possible while reducing the likelihood of human error. In my experience, the maturity and consistent product investment of AWS gives its security features an advantage over other cloud providers.

6 areas to study for the AWS Advanced Security exam

Learners should understand the appropriate security incident responses in different situations. Automated alerting should be properly configured, and responsive actions should be taken according to AWS recommendations. I’ve identified six key areas learners should focus on when preparing for the AWS Certified Security – Specialty exam, which include:

• Identity and access management (IAM): A solid understanding of IAM policies and designing scalable authorization and authentication systems is required for passing this exam. On the job, you’ll need to know how to securely configure an AWS account from Day 1 of implementation. You should be able to differentiate between IAM Managed, Customer Managed, and Inline Policies, and how to configure each. 

• S3 Security: Knowing how to manage S3 (Simple Storage Service) security is key to protecting sensitive company and customer data. You should be able to configure bucket policies, access control lists (ACLs), and IAM policies related to S3, and understand the results of policy conflicts.

• Identity federations: It is important to understand identity federations, which offers a centrally located way to access AWS resources. This can be used to integrate with on-premises systems like Active Directory or Web Identity Providers like Facebook. Federation can also be used with IAM services to enable single sign-on (SSO) to AWS accounts, an important feature for growing technical teams to manage accounts and users.

• Activity monitoring and logging: A strong understanding of logging and monitoring using CloudWatch, CloudTrail, AWS Config, and AWS Inspector is essential. You must be able to implement, troubleshoot, and design security monitoring and alerting.

• Virtual network design: You should be able to design a secure network using Virtual Private Cloud (VPC) features, such as security groups, network access lists, NAT Gateways, route tables, and VPC flow logs. One use case of a VPC is that a company can create dedicated instances with hardware that is physically isolated from other AWS customer accounts. 

• Infrastructure design: The ability to design a security infrastructure at all layers is required to set your business up for secure cloud use. You must understand how to use solutions like the AWS web application firewall and CloudFront at the edge, third-party web application firewalls, security groups, network ACLs, and other security features.

Thanks to the popularity of AWS, there’s a high demand for employees with demonstrable AWS skills and certifications. The continued year-over-year growth of AWS ensures that more certified staff will be needed in the future as companies deepen their adoption of cloud services. In fact, the 2019 Global Knowledge IT Skills and Salary Report found that AWS certifications increased salaries for IT professionals by up to $12,000. 

As more companies move to distributed and remote workforces, ensuring your company’s technical security is a crucial piece of your cloud strategy. Join me in my course, Clear and Simple AWS Advanced Security 2020, and build your team’s AWS security expertise. After completing the AWS Certified Security – Specialty exam, encourage your team to pursue additional specialty certifications; I recommend the AWS Network Specialty as a logical progression to take after this course.