Migrating workloads to the cloud is clearly a strategic initiative for many businesses, and the benefits that clouds offer are becoming more and more evident, but are you migrating your workloads safely and securely? At RiverMeadow we often get asked the following essential questions in regards to security:

  • Is migrating to the cloud secure?
  • Will RiverMeadow see my or my customers' data?
  • Are there incremental risks because RiverMeadow is a SaaS platform?

 

RiverMeadow worked closely with AWS to develop its SaaS Platform by following its published AWS Security Mandates.  These security mandates are embedded to the core of our Services and Platform architecture. RiverMeadow’s SaaS Platform was explicitly designed for AWS migrations so that it could provide high performance, source to target, secure workload migrations.  No data is seen by RiverMeadow nor does it pass thru our Platform. All data runs via a direct connection between the source and target which is set up and managed by the customer or partner.

The AWS Architecture Framework is based on five fundamental elements - operational excellence, security, reliability, performance efficiency, and cost optimization.  The combination of these elements creates a well-designed cloud environment, able to handle any workload and the issues that might occur in the migration process.

Read on to learn more about the security standards that RiverMeadow passes and how these influence cloud migration!


AWS Security Standards

The security pillar includes the capacity to protect data, systems and other assets while delivering business value through migration strategies. In order to ensure maximum security, RiverMeadow SaaS aligned its processes with the AWS design principles, and also with the security requirements in different areas of the cloud.

 

Design Principles:

  • Identity foundation - refers to the adoption of separation of duties strategy, that will ensure an appropriate authorization for each interaction with the cloud.
  • Traceability - refers to the integration of logs and metrics with systems to automatically monitor, alert and audit actions in real time.
  • Security on all layers: rather than focusing on protecting one single layer, RiverMeadow focuses on applying a defense-in-depth approach integrated with other security controls, according to AWS recommendations. This includes security options for edge network, subnet, virtual private cloud, operating system, as well as other applications.
  • Automated security: implementing an automated security mechanism improves the ability to create a secure architecture, which includes controls that are managed as code in version-controlled templates.
  • Protection of data in transit and at rest: this standard requires a classification process of data into different sensitivity levels, by using encryption and tokenization when possible. This will reduce the direct human access to data, which will ultimately reduce the risk of loss or modification.
  • Security events preparation: it refers to the implementation of an incident management process that aligns with each company’s requirements. The system will run incident simulations and will increase the speed of detection, investigation, and recovery.

Along with these design principles that RiverMeadow has adopted in its SaaS solution to ensure greater security, we also take into account AWS best principles for different areas in the cloud.

For each area, RiverMeadow answers a series of questions that are adapted to each business specifications. Here are the five areas we are focusing on:

Identity and Access Management: this area aims to provide access to resources only to authorized and authenticated users. To ensure that, RiverMeadow defines from the very start the users, specific policies for them, and implements strong credential management according to the AWS standards.

Detective Controls: this area is focusing on identifying potential security incidents, which is an essential part in supporting a quality process and a legal or compliance obligations. In AWS, we are able to implement controls by processing logs, events, and alarming systems.

Here is the primary question that guides our initiatives:

Infrastructure Protection: this specific area includes a well-designed control methodology, such as multi-factor authentication, which is necessary to meet regulatory obligations. This is also critical in ensuring the success of ongoing operations. RiverMeadow uses the Amazon VPC to create a private, secure and scalable environment in which we define the migration strategy.

Data Protection: each company’s data is very important, and to make sure that nothing affects it during the migration, RiverMeadow uses different techniques to support the client’s objectives such as preventing financial loss. For example, we use data classification to categorize organizational information, and encryption to protect it by limiting unauthorized access.

Incident Response: even when having everything put in place when it comes to security, RiverMeadow still creates a backup solution for potential security incidents, as AWS standards recommend.

Acknowledging how critical security can be when planning your AWS migration is the first step to ensure project success. RiverMeadow has adopted all the AWS best practices and recommendations into its Platform providing a bulletproof migration tool, the only one available on the market that passes all the AWS security mandates.

Are you still concerned about security when migrating data to AWS? Our team of consultants can demonstrate how each measure safeguards your enterprise’s data throughout the cloud migration process. Get in touch with us now to find out more!