4 considerations for keeping your cloud infrastructure secure - Technical.ly DC

Software Development

May 28, 2020 10:23 am

4 considerations for keeping your cloud infrastructure secure

Why availability, shared responsibility models, centralized management and data leakage matter.
In the cloud.

In the cloud.

(Photo by Flickr user Abby Lanes used under a Creative Commons license.)

This is a guest post by Tony Lutz, a cloud DevOps engineer with D.C.-based Simple Technology Solutions.

With the increase in telework, ensuring the security and resiliency of your cloud infrastructure has never been more important. Here are four things to consider on how to keep your cloud infrastructure secure:

Availability

One of the cloud’s most touted features is its scalability — it is easy and fast to create universally available architectures. This can also help manage denial-of-service (DOS) attacks by external parties. By configuring your workloads to scale to meet demand, workloads can simply scale to continue meeting user demand while absorbing the DOS attack.

Additionally, many public cloud providers offer tools to identify known bad actors and manage those attacks at the provider level, rather than impacting customer workloads. By leveraging these strategies, cloud workloads can be made more resilient to attacks and less likely to suffer performance degradation and outages.

Shared responsibility model

Many cloud native and managed services support patching and updates behind the scenes. Be sure to identify user responsibilities clearly when considering a managed service and make sure those responsibilities are met. For example, many serverless function-as-a-service tools (like AWS Lambda and GCP Cloud Functions) do not require operating system-level patching, but any libraries used by the code will need to be kept up to date. By identifying user responsibilities for a managed service and ensuring those responsibilities are met, users can ensure their workloads stay up to date and compliant, minimizing risks.

Centralized management

Public cloud service providers — Amazon Web Services, Microsoft Azure, etc. — offer a host of tools to reduce risk and provide visibility into your hosting environment. Investing in configuring these services early can save time and reduce risk in the long run. This can include customizing access control policies, standardizing networking and firewall standards, and securing audit logs away from user access. Once these controls are in place, incidents can be prevented, mitigated, and identified quickly, reducing risk of compromised systems.

Advertisement

Data leakage

A cloud environment has greater potential for data leakage via insider threat/human error than on-premises or data center environments. One of the cloud’s benefits, quick and easy provisioning, can be a major opportunity for data leakage, if appropriate guard rails and user training are not in place. Observe the principle of least privilege by making sure that individuals just have the access that they need to do their tasks, and not access to everything. This can reduce the risk of bad actors improperly accessing sensitive data.

-30-
CONTRIBUTE TO THE
JOURNALISM FUND

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Sign-up for daily news updates from Technical.ly Dc

Do NOT follow this link or you will be banned from the site!