Cloud security basics

Moving to the cloud is a tremendous step towards streamlining systems operations through automation and standardization. What can be said about cloud security? Will it match what you had in the brick-and-mortar data center? Below is some basic advice.

Spinning up a new server (VM) and deploying an application in a cloud environment will become much easier and will not require as much manual labor from your sysops team. It is, however, very important to set things up properly right from the beginning, because any mistakes will affect your entire environment.

Where do you start? Before spinning up VMs and storing sensitive code or data on them, make sure that access to your infrastructure is secure. There are a few notorious cases of companies that have fallen prey to hackers who took control of their cloud management consoles and held them for ransom. In some cases the attackers deleted the infrastructure, and some of the companies went out of business as a result… Sounds scary? It is… but you can avoid their mistakes.

AWS provides a set of powerful APIs that can be used to manage the infrastructure. Securing access to these APIs, and to the AWS console itself, is therefore very important. Amazon helps quite a bit by pointing out good practices when you set up your console access – like implementing two-factor authentication and securing access to API keys. We strongly suggest implementing MFA (multi-factor authentication). No matter how good your password is, there are many ways it can be stolen…

Amazon’s hints, however, will only go so far, which is why organizations like the Center for Internet Security came up with an Amazon Web Services Foundations Benchmark. It is a good read, and will require quite a bit of work to implement. There are a few cloud security scanning vendors who are developing compliance tests against this benchmark, which can highlight errors or omissions. We can help you pick and implement one – why not contact us for some advice?
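To make the MFA and API key advice above concrete, here is an added example (not part of the original post, and not any vendor's scanner) of the kind of check a compliance test runs: it reads an IAM credential report in the CSV layout AWS produces and flags console logins without MFA, active root API keys and stale keys. The sample rows, the reference date and the 90-day rotation threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report columns
# (the report comes from `aws iam get-credential-report`); users are made up.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,not_supported,false,true,2023-01-10T09:00:00+00:00
alice,true,true,false,N/A
bob,true,false,true,2024-05-01T09:00:00+00:00
ci-deploy,false,false,true,2023-11-20T09:00:00+00:00
"""
SAMPLE_AS_OF = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)  # constructed "today"
MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold


def _on(row, column):
    # Report values are the strings "true"/"false", or "N/A"/"not_supported".
    return row.get(column, "").strip().lower() == "true"


def audit_credential_report(report_csv, as_of):
    """Return (user, finding) tuples for MFA and API key gaps."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root can always sign in; its password_enabled is "not_supported".
        has_password = is_root or _on(row, "password_enabled")
        if has_password and not _on(row, "mfa_active"):
            findings.append((user, "console login without MFA"))
        if _on(row, "access_key_1_active"):
            if is_root:
                findings.append((user, "root account has an active API key"))
            rotated = row.get("access_key_1_last_rotated", "N/A")
            if rotated != "N/A":
                age = (as_of - datetime.fromisoformat(rotated)).days
                if age > MAX_KEY_AGE_DAYS:
                    findings.append((user, f"API key not rotated for {age} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, SAMPLE_AS_OF):
        print(f"{user}: {finding}")
```

A user such as `ci-deploy`, which has no console password, is not flagged for missing MFA but is still flagged for its old key.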