In the AWS Well-Architected Framework, which of the following is NOT a Security design principle to design solutions in AWS?
A. B. C. D.
Correct Answer: A.
Security needs to be applied at all network layers: the edge of the network, the VPC, all instances, and the applications within the VPC.
Applying security controls only at the edge of the network is not an efficient security control and goes against the security design principles.
As per AWS Well-Architected Framework, the following are the design principles for security in the cloud:
· Implement a strong identity foundation.
· Enable traceability.
· Apply security at all layers.
· Automate security best practices.
· Protect data in transit and at rest.
· Keep people away from data.
· Prepare for security events.
Options B, C, & D are incorrect as these are part of security design principles that need to be followed while implementing security controls in the cloud.
For more information on the security design principles in the AWS Well-Architected Framework, refer to the following URL:
https://docs.aws.amazon.com/wellarchitected/latest/framework/sec-design.html
The AWS Well-Architected Framework provides a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the AWS Cloud. The framework is based on five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
In the Security pillar of the AWS Well-Architected Framework, the following design principles are recommended:
A. Apply Security at all layers
B. Enable traceability
C. Automate security best practices
D. Protect data in transit and at rest
E. Keep people away from data
F. Prepare for security events
Therefore, the answer to the given question is A. "Apply Security only at the edge of the network" as it is not a recommended Security design principle in the AWS Well-Architected Framework.
Applying security only at the edge of the network is a traditional security model that assumes that the perimeter of the network is secure and that attackers are outside the network. However, with the increasing number of threats, this model is no longer sufficient. Applying security at all layers means implementing security controls at the application, data, and network layers. By doing so, security is enforced regardless of the location of the user or the application.
Protecting data at rest and in transit means implementing encryption and other security controls to ensure that data is not compromised while it is stored or transmitted. Implementing a strong identity foundation means establishing a secure and reliable authentication and authorization mechanism. Enabling traceability means logging and monitoring all activities to detect and respond to security events.