Stephen Coty: start-ups cloud security user guide
as a cloud service solution, Alert Logic integration of advanced security of all-weather monitoring tools to combat threats and solve compliance, at the same time or AWS advanced technology partners and security provider.
Many years ago, I have great dreams and very little money creates a security and development company.However, before I start building the necessary infrastructure and development platform, I soon realized cost problem.Of course, this occurs at the beginning of the 21st century, there was no cloud computing infrastructure, so if you want to have the infrastructure, it is necessary to build, then there is the human resources, operations, finance, sales, and marketing, so finally I set the company needs to infrastructure and maintenance of infrastructure team.
As a start-up, when set up cloud computing needs to have basic task list.Today's cloud with a variety of self-help facilities and services, make a lot of task easier.But even so, the security is often an after considering.However, it's important to remember that cloud computing is the expansion of business network, whether they know it's there.Security holes not only endanger the user's internal network, also the customer data at risk.
Public cloud security threat
Although the public cloud bring huge economic benefits, but also like any other infrastructure have Shared threat.For many years, the attack frequency and the use of a variety of malicious software is on the rise.As cloud event related vulnerability scanning, web applications, as well as the increase of the violent attacks, the threat of a key to understand the user influence cloud types, so that you can establish an appropriate depth of security policy to protect the environment from malicious attacks.
Public security model
In a public cloud, to ensure that the security is the key to understanding Shared security model between users and service providers, such as the amazon AWS public cloud service providers.Without it, you can assume when a user is responsible for a particular security function, service providers are protecting the user.
For example, a service provider is responsible for all the basic services, such as computing power, storage, database and network services.In the network layer, service provider responsible for network segmentation, peripheral services, some DDOS and deception.
But, you - the end user is responsible for network threat detection, report and response to any event.In the host level, the user is responsible for access management, patch management, configuration, hardening, security monitoring, and log analysis.One hundred
percent application components are the responsibility of the user.The figure below shows the responsibility of the classification between users and service providers:
To understand the role that users and cloud providers can not only help users make the best decisions about cloud infrastructure, also will ensure that once the implementation of network security policy will be effective and low cost to protect your data from the cloud threat.
Cloud security best practices
1, the protection code
Protect the code absolutely is the responsibility of the user.First, make sure that security is part of the software development cycle (SDLC).To this end, the list is as follows:
• validation code is continuously updated and whether any plug-ins have the latest patches;
• will delay is added to the code to prevent to be victims of botnets;
• test all libraries and third-party dependencies;
A loophole in the news, attention is using the products;
, finally, to make any changes after scanning the code.
2. Create access management policy
What are the first, make sure all of the assets.Once established list, clear roles and responsibilities required for access to assets.If possible on certification, and use a priority mode to realize the authentication.AWS provides many options for authentication management。
3. The patch management method
Again, consider developing an important program listing:
To clear up all the assets list;
As much as possible, to determine standardized plan;
Research may have vulnerabilities that affect, classification based on vulnerability and the possibility of risk;
If possible, the patch test;
, establish a regular repair plan, including the need to manually update the third party products.
4. Log management
Log now benefit far exceeds the compliance;Has become a powerful tool for security.Users can use log data to monitor malicious behavior and accident investigation.Make logging technique is an effective security tools need round-the-clock monitoring abnormal behavior.
AWS CloudTrail a groundbreaking proposals in this respect.Can use CloudTrail, user security provider from amazon access management of environment monitoring cloud instance.Everyone tend to focus on the Internet and monitoring to protect their environment, they seldom want from back-end monitoring activities.This is the innovation and provide customers with a CloudTrail with AWS API interaction management level of transparency.
5. Establish a security toolkit
The user needs to the cloud as a corporate network.Implementation of the depth of the protective covers all responsibility strategy.Implement the IP table, web application firewall, anti-virus software, intrusion detection, encryption, and log management.Explore security options, and make sure is the right solution for business.
6. Keep informed
The user must know about their environment may have holes keep, here are some of the world's leading research website.This will help the user to obtain loopholes, development, and dissemination of sexual assault of the latest news:
7. Understand the service provider
Finally, users need to understand and share the security responsibility safety suppliers and products.To ensure the security strategy is effective and can be effective implementation through continuous testing.