By Rajat Bhargava Posted June 1, 2016
This blog post is part of a series on Security for Startups. The full list of posts is shown below:
- Securing your Applications
- Securing your Cloud Infrastructure
- Securing your Employees
- Securing your Endpoints
- Securing your Office
AWS changed the IT landscape for startups. With the advent of cloud infrastructure, building a tech startup became a lot easier. Companies could rent their computer infrastructure at a fraction of the cost of buying it upfront. Because they could use only the resources they needed, they saved money that way as well. Is it hyperbole to say that AWS accelerated an already burgeoning early-stage tech sector? No, probably not. With the power of cloud computing, storage, and services also comes the responsibility of security. AWS only goes so far with its security measures, encouraging its customers to take their part of the security responsibility seriously.
The Keys to Getting Cloud Infrastructure Security on Lock-down
In the latest installment of our Security for Startups series, we talk about how startups can secure their cloud infrastructure. Given that their server infrastructure in the cloud is a core part of their business, it is important to take significant steps towards securing it. Below are some recommendations for securing your Infrastructure-as-a-Service platform.
An important first step in protecting your cloud infrastructure is to configure the firewall and network appropriately. AWS calls this function Security Groups, but just about every IaaS provider has equivalent functionality. Make sure that you lock down inbound and outbound access to the most restrictive policy that works for your application and organization. You’ll want to make sure that every server that you spin up is behind the firewall and appropriately networked. It is easy to forget a server, leaving it unprotected on the public Internet.
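One way to check the inbound and outbound rules described above is to audit the JSON that `aws ec2 describe-security-groups` returns. The following is an added example, not code from the original post; the group IDs are constructed, and the policy that only ports 80 and 443 may be open to the whole Internet is an assumption to adjust for your application.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-forgotten-example",
     "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []}]}

ANYWHERE = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {80, 443}  # assumption: only web ports should face the Internet

def world_open(perm):
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in ANYWHERE for c in cidrs)

def port_span(perm):
    # IpProtocol "-1" means all protocols, and the port fields are omitted.
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]

def audit(doc):
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            lo, hi = port_span(perm)
            if world_open(perm) and not (lo == hi and lo in PUBLIC_PORTS):
                findings.append((sg["GroupId"], "ingress", lo, hi))
        for perm in sg.get("IpPermissionsEgress", []):
            if world_open(perm) and perm["IpProtocol"] == "-1":
                findings.append((sg["GroupId"], "egress", 0, 65535))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The sample covers TCP and all-protocol rules only; ICMP rules reuse the port fields for type and code and would need their own handling.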
Trust us, even the most recent operating system images can need patches. Make sure that all of your servers are up to date. Out-of-date servers are one of the easiest ways to get compromised, especially when those servers are on the Internet. A great SaaS-based patching service called PatchSimple offers cost-effective solutions to this problem.
Tightly Control User Access
Tightly controlling user access to your systems should be very high on your IT security to-do list. A central user management system, such as Directory-as-a-Service® (DaaS), can solve this problem for you. DaaS is a cloud-based directory service that manages who can access your Windows, Linux, or Mac systems, although Macs are less likely to be cloud servers. Users can be required to use complex passwords, SSH keys, or multi-factor authentication to gain entry to the server infrastructure.
Encrypted Data at Rest
If possible, it’s best to secure data at rest with encryption. There are a wide variety of tools and systems that can help you encrypt data that is stored in the cloud.
Are your servers communicating with each other, but not behind the same firewall? If so, you’ll want to make sure that there is secure communication between all of your components. This may be accomplished through VPNs or other mechanisms. Whatever solution you choose, ensuring that your traffic is secure is important on the public Internet.
Unlocking a Startup’s Potential with Cloud Infrastructure
The Infrastructure-as-a-Service phenomenon has transformed the startup ecosystem. Companies can be started for far less money than ever before, and that’s creating a new wave of innovation. But with this technology also comes great responsibility. Securing your cloud infrastructure is more important than ever.
You can find more information on Security for Startups in the video below, where we discuss the topic in the DevOps world. Additionally, check out our ebook, which gives expert recommendations and best practices in DevSecOps.