Everybody is talking about cloud and security these days. Almost every cloud provider is giving away tools and tips about how to keep your security tight and hackers at bay. But when it comes to the basics, they are all overly technical. Here are what we think are the 5 most important security features of a cloud provider.
Simply put it is your login(s), you may have one or few and each of your team members use them to access the cloud account, manage the infrastructure and may even have admin access to destroy assets. Logins are vulnerable. If a hacker uncovers a credential then the account is theirs to control. A good cloud provider should create a mechanism were credentials are never sent over the wire, invites are sent securely and passwords are strict and never shared.
It is critical that different users have different access levels to different resources. You don’t want everyone in your organization accessing all the resources for example, databases or the backup drives. Creating an overall plan and defining users roles and security access groups is essential for a good cloud service. This allows you to manage your team effectively and to be sure your resources are not tempered with accidently.
All data saved on disk is encrypted, so if an unauthorized user get access to the actual hardware (from another resources or from physical access) they cannot read the data on the drive as it is protected with a strong security encryption. Just like losing a laptop or a mobile phone is a security breach, datacenters can be breached and equipment stolen, adding this level of encryption means the data is safe from unauthorized users.
Virtual resources are given security credentials (logins) to operate under. This is not linked to any specific user and being managed from a central point. If you like, each resource is operating under a role. The role provides information about any other resources it can communicate with or control. It is critical these credentials are recycled regularly so even if a hacker obtains one, by the time it will be cracked and the code readable, the original key is already replaced and the resources are protected.
Some resources are available to the public and some should be kept private, it is critical for a user to be able to create complex network typologies, to hide resources behind private networks (no public IP) and to control internet access in and out of the network. Firewalls and load-balancers provide a great way to hide what is actually going on under the hood (servers, databases, backups) protecting them from direct attacks.
We thought this point was too valuable not to share. The ability to distribute your infrastructure over few or many availability zones, or even better, datacenters physical locations, give yet another layer of security protection to your organization resources. In the case of a security breach in one location there are a few options;
- You can shut down an infected instance, stopping all mellitus operations on this resource.
- You can completely shut down operation at this location making sure you have a replica on another location.
It is critical to have a backup plan not only for security but as good business practice. While this isn’t specific to the cloud, a good backup strategy will keep you running with no operation impact even during a very serious event.