When DXC announced Blueprint Two infrastructure was going to be a custom cloud-native digital platform running on AWS to replace the legacy mainframes, safety was definitely one of the concerns.
Since little more than this has been already announced, let’s look closer into AWS offering on security of their cloud solutions – perhaps it’s a good starting point to understand the security offering of the Blueprint Two initiatives?
AWS offers a lot of protection as a supplier – but this is a market standard. Every supplier offers safety certifications of some sort. In the case of AWS there are ISO certificates, encrypting of the resources, automatic updates of EC2 machines and databases, finishing with safety of the data itself.
Nevertheless, everyone has to deal with security incident occasionally. AWS provides solution, CloudTrail to track actions taken by a user, role, or an AWS service. And customizable alerts in CloudWatch – if certain sequence of events occurs, an alert goes off. Tracking and Alerting will enable the operator to respond swiftly to any threat. Main reason for data leak incident seems to be related to the activity of customers’ developers, not AWS providing a faulty solution. But the human factor in many cases turns out to be the weakest link.
On compliance, AWS offers accordance with GDPR, and any local regulations relevant to the country they have their data centres. All in all, security of the cloud is delivered, security IN the cloud is dependent on customer.
Please treat the above as an attempt to understand safety in AWS (and the whole Blueprint Two initiative) better. We will keep our Acini fingers on the pulse and pursue more knowledge on the subject going forward. Time will tell which AWS solutions exactly will go as ‘Blueprint Two Out of the box solution’.
Policy Life Cycle – AWS
- Insights