Introduction
You must deploy OpCenter in a VPC in your Cloud Service Provider's network in a way that complies with your organization's security policy. AWS describes this as a shared responsibility model: AWS takes care of the security of the cloud, and you take care of the security in the cloud.
Security policies vary across organizations. The policy applied to a small-scale test using publicly available data may be less stringent than the policy applied to a production environment subject to HIPAA regulations. The architecture described here is an example. You must consult with your organization's IT security team to determine the appropriate architecture for your deployment.
The guiding principles of any security policy are the following:
- Limit access to resources as much as possible while still supporting essential functions
- Limit connectivity among resources while still supporting essential functions
- Monitor access and log all authentication and authorization events