

# Design principles
<a name="design-principles-sec"></a>

The security pillar of the AWS Well-Architected Framework sets out principles that can help strengthen the security of your workload:
+  **Implement a strong identity foundation:** Implementing the principle of least privilege is foundational to the security of life sciences workloads. Centralize identity management, and aim to avoid reliance on long-term static credentials. 
+  **Implement the principle of separation of duties:** Avoid conflicts of interest, abuse, and errors, and detect control failures, including security breaches, information theft, and circumvention of security controls. 
+  **Be continually inspection-ready:** Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to investigate and remediate issues automatically. 
+ **Apply security at each layer:** Apply a defense-in-depth approach with multiple security controls. Security should apply to each layer, from the edge of the network to the application and code. 
+ **Automate security best practices:** Automated software-based security mechanisms improve your ability to scale more securely, rapidly, and cost-effectively. 
+  **Encrypt data in transit and at rest:** Classify your data to identify health data and other sensitive data. Use encryption, tokenization, and de-identification to decrease the sensitivity of data, and implement access controls. 
+  **Keep people away from data:** Use mechanisms and tools to reduce the need for direct access or manual processing of health data, consistent with the principle of least privilege. 
+  **Prepare for security events:** Prepare for an incident by having incident management and investigation policy and processes that align to your organizational requirements and applicable regulatory frameworks. 