EPISODE · Jan 24, 2022 · 14 MIN
Serverless Craic Ep9 AWS Security Pillar
from Serverless Craic from The Serverless Edge · host Treasa Anderson
Send us Fan MailThis week, we're continuing our series looking at each of the pillars of the well architected framework. We talked about the operational excellence pillar in the last episode.We're going to talk about security this time which is our favourite well architected pillar. There are 10 questions for this pillar and a couple of different sections.The well architected security pillar is aimed at checking how secure your organisation is. It goes into things like:How are you managing accounts? Is your control tower hooked up?Are you using guard duty?It promotes team awareness of security across the organisation.The types of things to engage with when looking at workload are blast radius:If something goes down, how are we going to recover it?Or is there a case there for failover?Or resiliency?It is broad but there are things you can zoom in and focus on in that question.With the modern techniques, capabilities and improvements, you can be fine grained and have more accounts. Single sign also helps manage that burden. And AWS organisations, control tower and cloud trail are mature capabilities that help you get a good initial posture.One thing about well architected is that there is a nice flow to the questions and sessions.The first question: 'how do you securely operate your workload?', straight away gets into identity and access management, your inventory of people on machines and how you manage that. Or how do you manage blast radius, permissions, and the process of adding and removing people, accounts, machine accounts and different resources.In a modern cloud environment, rule number one is that it is tightly managed and automated. Normally, it ties back into the enterprise or a broader policy and it gets teams asking what are the authorization controls for this component.The next is one of my favourite: detective controls, how you detect and control security events. I always love the way security people talk about 'left of attack': all the things that happen before the attack. There is the time when the attack happens and that's panic stations. But there's usually a whole bunch of stuff before that, that you can act on. And that could be two years prior. So there's a whole mindset around detecting weird activity when people are probing your system, before the actual attack. That's the hunter side of cybersecurity when people try to find breaches.The next one is data protection. There's stuff here about both encryption etc, in rest and in transition. We have mentioned that code as a liability. Your data can also be a liability that you need to manage appropriately. Organisations have a good data classification document or something that describes data classification as it pertains to the industry or the organisation.The last section is 'incident response'. It's fairly self explanatory. How do you respond and recover from incidents? You want to be well drilled with as much automation as possible. Sounds straightforward. But it's complicated. It ties back to the operational excellence pillar. You're anticipating these events ahead of time. If you're anticipating them, you have associated runbooks or playbooks to facilitate squads in particular circumstances. In the security pillar, there's a nice arc that starts with people and ends with people. It goes through all the technical stuff in the middle. But security is a 'people' responsibility.Serverless Craic from The Serverless Edgetheserverlessedge.com@ServerlessEdgeServerless CrAIc from The Serverless EdgeCheck out our book The Value Flywheel Effect Follow us on X @ServerlessEdgeFollow us on LinkedIn Subscribe on YouTube
What this episode covers
Send us Fan Mail This week, we're continuing our series looking at each of the pillars of the well architected framework. We talked about the operational excellence pillar in the last episode. We're going to talk about security this time which is our favourite well architected pillar. There are 10 questions for this pillar and a couple of different sections. The well architected security pillar is aimed at checking how secure your organisation is. It goes into things like: How are you managin...
NOW PLAYING
Serverless Craic Ep9 AWS Security Pillar
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m