Security in the cloud: best practices

Research shows that in the last year, 70% of organizations using public cloud services experienced a security incident. These incidents included ransomware and other malware attacks (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%).

96% of these organizations are concerned about their current levels of cloud security, and data security is the top concern for 44% of them. It's a good time to address the fundamentals of cloud security best practices: access to cloud environments and protecting sensitive data.

DevOps brings development and operations together. It enables businesses to continuously develop and deploy services and offerings on the cloud, incorporating customer feedback and new requirements as they arise. Security must be incorporated into this approach from the first stages of development: ensuring the application runs on a safe platform, the code is free from vulnerabilities, and the operational risks are clearly understood.

At Southlights we implement and propose the following guides and best practices for AWS and Google Cloud.

Best practices to help secure your AWS resources

Create a strong password for your AWS resources: To help ensure that you protect your AWS resources, first set a strong password with a combination of letters, numbers, and special characters.

Use a group email alias with your AWS account

Enable multi-factor authentication: Multi-factor authentication (MFA) is a security capability that provides an additional layer of authentication on top of your user name and password.

Set up AWS IAM users, groups, and roles for daily account access: To manage and control access and permissions to your AWS resources, use AWS Identity and Access Management (IAM) to create users, groups, and roles.

Delete your account’s access keys: You can allow programmatic access to your AWS resources from the command line or for use with AWS APIs. However, AWS recommends that you do not create or use the access keys associated with your root account for programmatic access.

Enable CloudTrail in all AWS regions: You can track all activity in your AWS resources by using AWS CloudTrail. Even if you initially do not know how to use CloudTrail, turning it on now can help AWS Support and your AWS solutions architect later if they need to troubleshoot a security or configuration issue.
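
The checklist above can be verified from the JSON that `aws iam get-account-summary` and `aws cloudtrail describe-trails` return. The following is an added example, not Southlights or AWS code; the function name, check IDs, and sample responses are constructed for illustration.

```python
import json

# Constructed sample responses (not real account data), shaped like the output
# of `aws iam get-account-summary` and `aws cloudtrail describe-trails`.
SAMPLE_SUMMARY = json.loads("""
{"SummaryMap": {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1,
                "Users": 0, "Groups": 0}}
""")
SAMPLE_TRAILS = json.loads("""
{"trailList": [{"Name": "example-trail", "HomeRegion": "us-east-1",
                "IsMultiRegionTrail": false}]}
""")


def audit_account(summary, trails):
    """Return (check_id, message) findings for the checklist items above."""
    s = summary.get("SummaryMap", {})
    findings = []
    # AccountMFAEnabled is 1 when the root user has an MFA device.
    if s.get("AccountMFAEnabled", 0) != 1:
        findings.append(("root-mfa", "Root user has no MFA device enabled"))
    # AccountAccessKeysPresent is 1 when root access keys exist.
    if s.get("AccountAccessKeysPresent", 0) != 0:
        findings.append(("root-keys", "Root user access keys exist; delete them"))
    # Heuristic (assumption of this example): no IAM users or groups suggests
    # root is used for daily work, unless access is federated.
    if s.get("Users", 0) == 0 and s.get("Groups", 0) == 0:
        findings.append(("iam-identities", "No IAM users or groups are defined"))
    # At least one trail must cover every region.
    trail_list = trails.get("trailList", [])
    if not any(t.get("IsMultiRegionTrail") for t in trail_list):
        names = ", ".join(t.get("Name", "?") for t in trail_list) or "none"
        findings.append(("cloudtrail-regions",
                         f"No multi-region trail (trails found: {names})"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_account(SAMPLE_SUMMARY, SAMPLE_TRAILS):
        print(f"[FAIL] {check_id}: {message}")
```

A multi-region trail can still be stopped, so confirm `IsLogging` with `aws cloudtrail get-trail-status` for each trail that passes.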

As your AWS use grows or if you begin managing multiple AWS accounts, you might need to start diving deeper into security topics:

AWS Secure Initial Account Setup

Introduction to AWS Security whitepaper

AWS Cloud Security Resources

AWS Security Best Practices whitepaper

Security by Design

Best practices to help secure your Google Cloud

You can build on Google Cloud more quickly, effectively, and securely by using these security blueprints, which add an important new set of layers in the hierarchy of security on Google Cloud.

Security foundations blueprints

The goal of the security foundations blueprint is to provide you with curated, opinionated guidance and accompanying automation that helps you optimize the native controls and services to build a secure starting point for your Google Cloud deployment. This security foundations blueprint covers the following:

● Google Cloud organization structure and policy.

● Authentication and authorization.

● Resource hierarchy and deployment.

● Networking (segmentation and security).

● Key and secret management.

● Logging.

● Detective controls.

● Billing setup.

● Creating and deploying secured.

If you are looking to improve the way your organization handles security in the cloud, you can contact our SouthLights Group DevOps teams here.
