Secure your Cloud Platform with these tips and best practices
With the cloud comes great computing power, and with great computing power comes great security responsibility.
This article tells you how you can be a responsible cloud practitioner.
IAM (Identity and Access Management)
- Always use the least-privilege policy
Provide only the specific access that users and applications need. Nothing more, nothing less.
- Avoid using one IAM policy/role for multiple applications.
- Enable Multi-Factor Authentication for all users.
- Restrict delete access
Restrict destructive operations to a limited set of users. For example, do not give data deletion access to every user.
- Leverage public and private subnets for segregating different parts of your application.
- Do not expose servers directly from a public subnet. Use a NAT gateway or a load balancer to route requests instead.
- Keep the databases and servers in different private subnets.
- Firewall rules should be as restrictive as possible.
[Figure: Sample VPC layout for a web application]
Cost and Budget
- Have a budget and notifications set up for your project.
This will enable you to track the monthly expenses in the cloud. This will also notify you if you have any unusual activity which can cost you an unexpected sum.
- Use a cost calculator
Every cloud platform provides some sort of cost calculator that you can use to estimate monthly costs for your applications based on the usage and load that you are expecting.
- Tag your cloud resources properly.
This will help you analyse and keep track of how much each application and service is costing you.
- Be aware of the free tier limits.
If you are just starting with the cloud platform and are using free tier resources, be aware of when and how those limits reach an end. Otherwise, you might see an unexpected bill on your credit card.
- Use data encryption at rest and in transit. Have a rotation policy for the encryption keys.
- Provision automatic backup for critical data. Have a setup for easy restoration of the data. It might help you more than you can imagine.
- Do not assign public access to storage services such as blob storage and databases.
- Move older and infrequently used data to cold storage to save costs.
- Lastly, there are a lot of storage options on the cloud, which can get confusing. Do proper research based on your use case, and then select the right one.
Security best practices are never-ending and can be applied to your projects gradually. These practices can be treated as a good starting point for your projects. I will be adding more advanced ones in the upcoming articles.
Hope you found something new to learn here.