AWS Cost Optimization

While moving to the cloud saves cost when compared to on-premises IT models, it is important to inspect possible mistakes that could lead to unplanned cloud costs. Based on customer cost optimization consultations with AWS, some organizations have seen up to a 33% reduction in cloud spending waste. Here we provide some tips and resources to recognize cloud cost optimization.

Cloud cost optimization improves forecasting and cost predictability, provides visibility into usage patterns so that resources can be sized for an organization's specific needs, and can help with identifying mismanaged resources, reserving capacity for higher discounts, and right-sizing services to scale. One place…


Driven by the need for greater productivity, lower costs, and, more recently, the ability to scale a remote workforce, organizations around the world are moving their IT workloads to the cloud. A move to the cloud requires pre-migration planning, which is as important as the implementation itself. But it can be daunting to know where to start or what needs to be in place for a successful migration.

Here are seven tips for successful cloud migration:

  1. Have a solid business case for cloud migration: Cloud migrations make sense when they offer a tangible benefit to your organization. Outline…

Protecting Data at Rest in AWS

Data at rest represents any data that you persist in non-volatile storage for any duration in your workload. This includes block storage, object storage, databases, archives, IoT devices, and any other storage medium on which data is persisted. Protecting your data at rest reduces the risk of unauthorized access when encryption and appropriate access controls are implemented.

Encryption and Tokenization are two important but distinct data protection schemes.

Tokenization is a process that allows you to define a token to represent an otherwise sensitive piece of information (for example, a token to represent a customer’s credit card number). A token…


Protecting Data in Transit

Data in transit is any data that is sent from one system to another. This includes communication between resources within your workload as well as communication between other services and your end-users. By providing the appropriate level of protection for your data in transit, you protect the confidentiality and integrity of your workload’s data.

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals with strict access control. The best way to accomplish this is to use a managed service, such as AWS Certificate Manager (ACM). It lets you easily provision…


Compliances on AWS

Compliance regulations are some of the most important guidelines your organization needs to meet. Whether it's global compliance programs like SOC, PCI DSS, or an ISO standard, or U.S.-specific standards like NIST for FISMA or healthcare-related HIPAA regulations, there's a great deal you'll need to audit and report on. Fortunately, if you use Amazon Web Services (AWS), they've already done some of the heavy lifting for you.

AWS achieves this through a “Shared Responsibility Model” that clearly divides compliance responsibilities. We’ll dig into that a little more below.

Compliance Areas Where AWS Can Help

AWS provides support for…


CIS AWS Foundations Benchmark

For the first time ever, the Center for Internet Security (CIS) has issued a set of security best practices specific to an individual cloud service provider via the CIS AWS Foundations Benchmark, the result of a partnership between the CIS and Amazon Web Services. These best practices, which are accepted throughout the industry, give concise, step-by-step instructions for AWS users.

Embracing these CIS Benchmarks will make your life easier in a number of ways:

  • It removes the guesswork for security professionals: You no longer have to worry about the foundational security measures in your AWS infrastructure. …

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

PCI DSS applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

Shared Responsibility Model:

As a company providing services to the customer on the AWS…


The AWS Well-Architected Framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. The AWS reference architecture comprises the foundational questions based on the experience of thousands of customers. The goal of the AWS well-architected structure is simple: enable customers to measure the AWS architecture against best practices and address shortcomings.

AWS has divided the Well-Architected Framework into five distinct sections or Pillars. Each Pillar is designed to help you tackle a specific aspect of your environment.

Dhaval Soni

Dhaval is a seasoned Solutions Architect with expertise in designing, implementing, securing, and managing enterprise cloud computing solutions for customers.
