AWS ENS Security

We all know that the public cloud offers a number of advantages over traditional on-premise systems. In summary we have:

- Simplified operation, as the management, operation and maintenance of cloud environments is much simpler and optimized.

- Cost Optimization, paying only for what is used at any given time, thus optimizing resources, licensing, etc.

- Performance Efficiency, providing the necessary performance at all times, without wasting resources.

- Reliability, allowing us to deploy highly available ecosystems by taking advantage of the facilities provided by providers such as AWS with its network of global regions and its architecture oriented to maximum availability.

- Security, by making available a huge portfolio of interoperable and easily manageable solutions to secure applications, systems and data according to the needs and criticality of our environments.

That said, it is particularly interesting to zoom in on the last point, security, since, when assessing whether we can take a workload to the cloud, we must also take into account the regulatory framework to which the workload is subject, i.e. whether the target ecosystem complies with the requirements set at the regulatory level.

Therefore, the fact that the cloud has been audited and has passed the necessary evaluations to be classified as compliant with a regulation that we have to comply with is of vital importance.

In the case of AWS, we find the broadest set of regulations and certifications that a public cloud provider can offer. It has from generic certifications such as the different ISOs to certifications marked by a specific industry: HIPAA for the healthcare sector or PCI DSS for the financial sector, to local certifications such as the security framework developed by the National Cryptologic Center (CCN) of Spain, called the National Security Scheme (ENS).

The ENS is nothing more than a regulation (mandatory for the Public Administration) that establishes principles that guarantee security, prevention, response and recovery.

When we talk about ENS, although it is oriented to the Public Administration, we must not forget that it must also be complied with by those companies that, even though they do not belong to the Administration, have environments or ecosystems that interact with it: this is the case of many Official/Professional Associations.

In this sense, we should not only see the ENS as a regulation, but as an opportunity to adhere to a methodological framework that helps us to have a secure cloud ecosystem, and not only that ecosystem deployed to interact with the Administration, but the ideal is to adopt this top-level security policy for all environments, thus avoiding situations of security breaches, attacks, ransomware, etc.

> Expertise in ENS-compliant Deployments

Deploying an ecosystem according to ENS (low, medium or high) is a challenge when it comes to understanding the impacted services and how they are to be deployed, secured and monitored.

At Neteris we have experience in defining the best practices to ensure that an ecosystem complies with ENS, avoiding that, due to ignorance or carelessness, there are parts of the ecosystem that do not comply with the standard and, what is even worse, can lead to a security breach with even worse implications.

> Business Consulting

Another aspect that we consider very useful at Neteris is that we speak 2 languages:

- Technical Language, in terms of technologies, implementation and deployment best practices, service configuration, security, high availability, etc.
- Business Language, understanding the needs at CEO, CFO, etc. level.

This makes us able to translate business needs into technology, and at the same time show the benefits of that technology to the business units, making it easier for both business and IT to be aligned.

> Managed Services

Precisely from Neteris we managed to compensate this handicap by becoming the extended IT team of this type of companies, freeing the resources with technological knowledge of the less productive tasks oriented to the management of the entire IT ecosystem.

The idea is for the technical staff to focus on the development of solutions, on the search for improvements and new technologies that bring greater competitive advantage to the business, without having to invest time in those daily tasks aimed at, as they say, keeping the lights on.

> Expertise in Cloud Services

Logically, after remarking which are the qualities of a Startup, it was to be expected that the cloud component would be the most important and the best option to support its business model.

At Neteris, we are committed to determine the best solution according to the needs and strategy of a company. In the case of Startups, we are convinced that the public cloud is the only solution capable of satisfying their requirements in a timely manner.

Today we may need a single instance of computation, but tomorrow there may be dozens, or we can even stop worrying about capacity planning and go to services that manage and optimize the entire infrastructure layer according to the load of our environment, requiring only an initial configuration and a code to run, the code of our application.

The idea is that from Neteris we help to compose the puzzle of cloud services that fits with the business at all times, ensuring that, despite the budgetary constraints of a Startup, Business always has the necessary resources at its disposal.