AWS Cloud Adoption Framework from a Security Perspective


The AWS Cloud Adoption Framework (CAF) is a set of best practices that helps organisations move from the traditional on-premises IT model to full adoption and integration of cloud services. The framework divides complex IT environments into specific areas of focus so that they become more manageable, enabling organisations to develop a clear and concise migration strategy and to build a comprehensive approach to cloud computing.


These specific areas of focus, of which there are seven, are known as perspectives. Each perspective can be further broken down into components that identify specific aspects requiring attention and enable organisations to build accountable plans. These perspectives, components, and activities can be viewed as building blocks on your cloud journey. The seven perspectives support different parts of the organisation: business, platform, maturity, people, process, operations, and security.

[Figure: the seven perspectives of the AWS Cloud Adoption Framework. Source: Amazon Web Services]

Last year we saw AWS release the Security Perspective of the AWS Cloud Adoption Framework whitepaper. The goal of the security perspective is to help organisations structure selection and implementation of controls that are right for that organisation. The security perspective consists of four components which are: Directive, Preventive, Detective, and Responsive.


  • Directive: Establish governance, risk, and compliance models.
  • Preventive: Protect workloads and mitigate threats and vulnerabilities.
  • Detective: Provide full visibility and transparency over deployment operations on AWS.
  • Responsive: Controls that drive remediation of potential deviations from your security baselines.

These components organise principles that will help transform the security of your organisation. For each component there are specific considerations and actions that can be taken, as well as a way to measure progress. The considerations for each component include, but are not limited to:

Directive
  • Account governance
  • Data classification
  • Change and asset management

Preventive
  • Identity and access
  • Infrastructure protection
  • Data protection

Detective
  • Logging and monitoring
  • Security testing
  • Asset inventory

Responsive
  • Incident response
  • Security incident response simulations
  • Forensics
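One practical way to turn the four components into something measurable is to map each baseline check you run to the component and consideration it supports, then report progress per component. The script below is an added illustration and is not from the whitepaper or from CloudRanger: the checks, the snapshot format, the mapping of each check to a component and the 365-day simulation target are all assumptions, and the account snapshot is constructed inline so the script runs offline with no AWS access.

```python
"""Scorecard mapping simple baseline checks onto the four CAF security components.

Added example: the checks, their mapping to Directive / Preventive / Detective /
Responsive, and the snapshot layout are assumptions, not the whitepaper's own method.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

COMPONENTS = ("Directive", "Preventive", "Detective", "Responsive")
MAX_SIMULATION_AGE_DAYS = 365  # assumed target: at least one IR simulation per year

# Constructed account snapshot: ids, names and flags are made up so the script
# runs without credentials. A real run would populate this from the AWS APIs.
SNAPSHOT = {
    "accounts": [
        {"id": "111111111111", "organizations_scp": True, "root_mfa": True,
         "cloudtrail_all_regions": True, "config_recorder": True},
        {"id": "222222222222", "organizations_scp": True, "root_mfa": False,
         "cloudtrail_all_regions": False, "config_recorder": True},
    ],
    "s3_buckets": [
        {"name": "hr-records", "tags": {"DataClassification": "confidential"},
         "default_encryption": True, "public": False},
        {"name": "marketing-assets", "tags": {},
         "default_encryption": False, "public": True},
    ],
    "incident_response": {"runbook_documented": True,
                          "last_simulation_days_ago": 400},
}


@dataclass
class Finding:
    component: str      # one of COMPONENTS
    consideration: str  # the consideration from the framework this check supports
    check: str
    passed: bool
    detail: str


def account_checks(snap) -> List[Finding]:
    out = []
    for a in snap["accounts"]:
        where = f"account {a['id']}"
        out.append(Finding("Directive", "Account governance", "scp-attached",
                           a["organizations_scp"], where))
        out.append(Finding("Preventive", "Identity and access", "root-mfa",
                           a["root_mfa"], where))
        out.append(Finding("Detective", "Logging and monitoring", "cloudtrail-all-regions",
                           a["cloudtrail_all_regions"], where))
        out.append(Finding("Detective", "Asset inventory", "config-recorder",
                           a["config_recorder"], where))
    return out


def bucket_checks(snap) -> List[Finding]:
    out = []
    for b in snap["s3_buckets"]:
        where = f"bucket {b['name']}"
        out.append(Finding("Directive", "Data classification", "classification-tag",
                           "DataClassification" in b["tags"], where))
        out.append(Finding("Preventive", "Data protection", "encrypted-and-private",
                           b["default_encryption"] and not b["public"], where))
    return out


def response_checks(snap) -> List[Finding]:
    ir = snap["incident_response"]
    age = ir["last_simulation_days_ago"]
    return [
        Finding("Responsive", "Incident response", "runbook-documented",
                ir["runbook_documented"], "organisation-wide"),
        Finding("Responsive", "Security incident response simulations", "simulation-recent",
                age <= MAX_SIMULATION_AGE_DAYS, f"last simulation {age} days ago"),
    ]


def run_checks(snap) -> List[Finding]:
    return account_checks(snap) + bucket_checks(snap) + response_checks(snap)


def scorecard(findings) -> Dict[str, Tuple[int, int]]:
    """Per component: (checks passed, checks run). Progress is the ratio over time."""
    totals = {c: [0, 0] for c in COMPONENTS}
    for f in findings:
        totals[f.component][1] += 1
        totals[f.component][0] += int(f.passed)
    return {c: (p, n) for c, (p, n) in totals.items()}


def failures(findings) -> List[Finding]:
    """The remediation backlog: every failed check, still tagged with its component."""
    return [f for f in findings if not f.passed]


if __name__ == "__main__":
    fs = run_checks(SNAPSHOT)
    for comp, (p, n) in scorecard(fs).items():
        print(f"{comp:<11} {p}/{n} checks passing")
    for f in failures(fs):
        print(f"  FAIL [{f.component} / {f.consideration}] {f.check}: {f.detail}")
```

Running it against the constructed snapshot gives Directive 3/4, Preventive 2/4, Detective 3/4 and Responsive 1/2, with the failed checks listed underneath as the remediation backlog. Tagging each finding with its component is what makes the report useful to the people who own each part of the framework: the account owner sees the missing root MFA and regional CloudTrail, the data owner sees the untagged public bucket, and whoever runs the security programme sees that the last response simulation is overdue.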

The whitepaper also outlines how to define a strategy for security in the cloud, how to deliver a security programme, and how to develop robust security operations. Once an organisation has clearly defined its cloud security strategy, the implementation process can begin. To help with this process AWS provides security epics, which are groups of user stories that can be worked on during sprints. There are ten security epics in total: five core security epics and five augmenting security epics.

[Figure: the ten AWS security epics. Source: Amazon Web Services]

These scrum epics have multiple sprints associated with them, addressing a range of user stories that include use and misuse cases. This allows the organisation to mature its security capabilities through an iterative process, addressing increasingly complex requirements and layering in robustness. It may seem that these epics lend themselves only to the agile approach; however, they can be treated as general work streams and used with any other framework.

Organisations will be concerned with protecting their assets as well as ensuring that they operate within legal boundaries and comply with the requirements of regulatory and government bodies. The AWS security perspective outlines a comprehensive approach to security control selection, workload compliance, validation, and security compliance.

About CloudRanger

CloudRanger allows you to easily schedule automated backups and retention periods for EBS volumes, EC2 instances and RDS instances using snapshots and AMIs. We help your IT team schedule repetitive AWS tasks and save a tonne of time! With an easy-to-use interface, managing your routine AWS tasks is simple.

Start A Free Trial

Why not sign up for our Free 14-Day Trial and try out our features and benefits for yourself.

Steven
