Whether your Cloud environment is on AWS, Azure or Google, the chosen vendor is only responsible for a handful of security protocols. This is known as the shared responsibility model; much of the onus for Cloud security is on you and your team. Not having a full understanding of how complex it is can have severe consequences. With more than 80% of people having increased their overall Cloud usage in 2020, understanding your role in Cloud security is more important than ever. Read on for six tips to help maximize your security in the Cloud.
- Make process documentation part of your culture.
Purposeful, consistent documentation keeps everyone on the same page. Be strategic about things like naming conventions, tagging strategies and network topology. Consistent methods and agreed-upon standards help you avoid tripping over other people’s work and spending a lot of time reverse engineering issues.
- Avoid introducing unpredictable results into your environment.
One way this can easily happen is with auto updates and patching. Auto updates for patches sound great, but one update or patch that has not been thoroughly tested can end up breaking something else. For example, when we update the operating system for one of our clients, we update one of the ten servers first and then go back and update the rest once we’re satisfied nothing has broken. You need to test throughout the operation to make sure everything is working how it should. Then, once testing is complete and everything is working as designed, you can patch automatically and methodically.
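The one-server-first rollout described above can be sketched as follows. This is an added example, not code from the author or the client environment; `apply_patch`, `is_healthy`, the `web-NN` host names and the choice to patch the remaining servers one at a time are assumptions for illustration.

```python
def staged_patch(hosts, apply_patch, is_healthy, canary_count=1):
    """Patch canary_count hosts, verify, then patch the rest one at a time.

    apply_patch(host) and is_healthy(host) are caller-supplied callables
    (hypothetical here). The rollout stops at the first failed check so the
    untouched servers keep running the known-good version.
    """
    if not 0 < canary_count <= len(hosts):
        raise ValueError("canary_count must be between 1 and len(hosts)")
    result = {"patched": [], "failed": [], "untouched": list(hosts)}
    stages = [hosts[:canary_count]] + [[h] for h in hosts[canary_count:]]
    for stage in stages:
        for host in stage:
            apply_patch(host)
            result["untouched"].remove(host)
            result["patched"].append(host)
        # Test after every stage, re-checking hosts patched earlier as well.
        bad = [h for h in result["patched"] if not is_healthy(h)]
        if bad:
            result["failed"] = bad
            return result
    return result


FLEET = [f"web-{n:02d}" for n in range(1, 11)]  # constructed: ten servers


def simulate(hosts, breaks_on):
    """Constructed stand-in for a patch job: hosts in breaks_on fail once patched."""
    patched = set()
    return staged_patch(
        hosts,
        patched.add,
        lambda h: not (h in patched and h in breaks_on),
    )


if __name__ == "__main__":
    for label, broken in (("clean patch", set()), ("bad patch", {"web-01"})):
        r = simulate(FLEET, broken)
        print(label, "patched:", len(r["patched"]), "failed:", r["failed"],
              "untouched:", len(r["untouched"]))
```

When the first server fails its check, the other nine are left untouched, which is what keeps a bad patch from becoming an outage.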
- Know which platform tools are available to you.
One of my favorite AWS tools is CloudTrail (similar to Log Analytics in Azure) because it audits everything that’s done in an AWS API ecosystem. You can keep track of changes that have been made, and it’ll help you troubleshoot when something isn’t working as it’s supposed to. One of our clients’ IT departments made some changes in the AWS Console, which accidentally caused an outage for the website we were working with. Thanks to CloudTrail, we were able to quickly investigate and identify when the change was made, who made it, and what was different. This allowed us to pinpoint a solution fast and restore functionality to the website.
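The kind of investigation described above (when, who, what) can be run over exported CloudTrail records like this. It is an added example, not the author's tooling; the sample records, account ID, user names, resource IDs and outage time are constructed, and only the field names follow CloudTrail's record layout.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed records in CloudTrail's JSON layout; account, users and IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-03-04T09:15:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketTagging", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"},
     "requestParameters": {"bucketName": "example-site-assets"}},
    {"eventTime": "2021-03-04T13:50:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/it-admin"}},
    {"eventTime": "2021-03-04T13:58:19Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "readOnly": False,
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2021-03-04T14:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RevokeSecurityGroupIngress", "readOnly": False,
     "sessionCredentialFromConsole": "true",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/it-admin"},
     "requestParameters": {"groupId": "sg-0example"}},
]})

def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def changes_before(log_json, outage_time, window_minutes=30):
    """Return successful write events in the window before outage_time, newest first."""
    start = outage_time - timedelta(minutes=window_minutes)
    hits = []
    for rec in json.loads(log_json)["Records"]:
        when = parse_time(rec["eventTime"])
        if not (start <= when <= outage_time):
            continue  # outside the investigation window
        if rec.get("readOnly") or rec.get("errorCode"):
            continue  # reads and failed calls changed nothing
        hits.append({
            "when": when,
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "action": f'{rec["eventSource"]}:{rec["eventName"]}',
            "console": rec.get("sessionCredentialFromConsole") == "true",
            "what": rec.get("requestParameters") or {},
        })
    return sorted(hits, key=lambda h: h["when"], reverse=True)

if __name__ == "__main__":
    for h in changes_before(SAMPLE_LOG, parse_time("2021-03-04T14:05:00Z")):
        print(h["when"].isoformat(), h["who"], h["action"], h["console"], h["what"])
```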
- Use single sign-on (SSO) for your users.
SSO gives your organization centralized control over who has access to your systems, and lets you give each employee different levels of access to each system. For example, with one of our clients I have admin access in the development account but read-only access in the production account. This granularity is managed from a single place and gives your SSO administrators a way to administer users (onboarding, offboarding, password policies, etc.) with ease and efficiency.
- Make sure you fully understand the health of your environment.
Leverage monitoring and metrics to understand your application’s characteristics. How do you know if your application is healthy or performing efficiently? How do you determine whether you need to add or reduce capacity? By creating metric dashboards and alarms, and configuring notifications, you not only understand what a healthy workload looks like, but you can also move from reacting to proactively responding when things start to go sideways. Some of the more useful metrics are things like connections to your database, your storage consumption and the memory usage of your instances. By understanding and reviewing them, you can start to make informed decisions on necessary actions and stop guessing your capacity needs.
- Conduct a well-architected review.
Even though the well-architected framework was created by AWS, this tool can help you no matter what platform you’re on. Guided by five pillars (operational excellence, security, reliability, performance efficiency and cost optimization), the framework helps Cloud architects build secure, high-performing and resilient infrastructure. We did a well-architected review for a hospital system client who had recently moved to AWS, and we identified multiple issues, including overprovisioned resources and security flaws. This tool’s usefulness goes beyond your development team, because it provides a lens for exactly how your Cloud environment crosscuts your entire organization. The Security Pillar addresses many of the items already highlighted here and can shed light on additional best practices such as secure network communication, data encryption and many more security policies.
Cloud security is a huge responsibility that requires consistent and careful attention from every member of your team. Using these tips will help you take an organized and thorough approach to keeping your environment, application, data and users safe and secure.
About the Author:
Jeff Pabian is a Principal Consultant and has worked in technology for more than 25 years. Since 2011, he has specialized in Cloud Services and has led many teams through their transformative Cloud journey. With strong infrastructure experience, he’s helped build and launch enterprise-ready applications that have served millions of customers. He loves tinkering with new technologies and has a passion for building things. When he’s not working, Jeff is an avid cyclist and enjoys collecting vintage audio equipment.