Published in CodeByte

Secure your Cloud Platform with these tips and best practices

With the cloud comes great computing power. And with great computing power comes great security responsibility.

This article tells you how you can be a responsible cloud practitioner.

IAM (Identity and Access Management)

  • Always use a least-privilege policy
    Grant only the specific access that users and applications need. Nothing more, nothing less.
  • Avoid using one IAM policy/role for multiple applications.
  • MFA
    Enable Multi-Factor Authentication for all users.
  • Restrict delete access
    Restrict access to destructive operations to a limited set of users, i.e., do not give data deletion access to every user.
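
As an added example (not from the original article), here is a small linter for the IAM points above. It assumes AWS-style JSON policy documents; the policy names, role names and the list of destructive verbs are constructed for illustration.

```python
import fnmatch

# Constructed sample: policy name -> roles it is attached to + AWS-style document.
POLICIES = {
    "shared-app-policy": {
        "attached_to": ["orders-api", "billing-worker"],
        "document": {"Statement": [
            {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
    },
    "orders-read-only": {
        "attached_to": ["orders-api"],
        "document": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::orders-data", "arn:aws:s3:::orders-data/*"]}]},
    },
    "ops-cleanup": {
        "attached_to": ["ops-admin"],
        # A single statement may be a bare object instead of a list.
        "document": {"Statement": {
            "Effect": "Allow", "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::orders-data/tmp/*"}},
    },
}

DESTRUCTIVE = ("delete", "remove", "terminate", "drop")  # assumed verb prefixes

def as_list(value):
    return value if isinstance(value, list) else [value]

def can_destroy(action):
    """Heuristic: could this action pattern match a destructive operation?"""
    verb = action.lower().split(":")[-1]
    return any(verb.startswith(d) or fnmatch.fnmatchcase(d + "x", verb)
               for d in DESTRUCTIVE)

def lint(policies):
    """Return (policy, finding) pairs for the IAM practices listed above."""
    findings = []
    for name, policy in sorted(policies.items()):
        if len(policy["attached_to"]) > 1:
            findings.append((name, "shared-by-multiple-apps"))
        for stmt in as_list(policy["document"]["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            actions = as_list(stmt.get("Action", []))
            if any("*" in a for a in actions):
                findings.append((name, "wildcard-action"))
            if "*" in as_list(stmt.get("Resource", [])):
                findings.append((name, "wildcard-resource"))
            if any(can_destroy(a) for a in actions):
                findings.append((name, "grants-delete"))
    return findings
```

A `grants-delete` finding is a prompt to review who holds that policy, not necessarily a defect: the scoped `ops-cleanup` policy is flagged so its single holder can be confirmed.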

Networking

  • Leverage public and private subnets for segregating different parts of your application.
  • Do not expose servers directly from a public subnet. Use a NAT gateway or a load balancer to route requests instead.
  • Keep the databases and servers in different private subnets.
  • Firewall rules should be as restrictive as possible.

[Figure: sample VPC layout for a web application. Designed by Author via draw.io]

Cost and Budget

  • Have a budget and notifications set up for your project.
    This will enable you to track the monthly expenses in the cloud. This will also notify you if you have any unusual activity which can cost you an unexpected sum.
  • Use a cost calculator
    Every cloud platform provides some sort of cost calculator that you can use to estimate monthly costs for your applications based on the usage and load that you are expecting.
  • Tag your cloud resources properly.
    This will help you analyse and keep track of how much each application and service is costing you.
  • Be aware of the free tier limits.
    If you are just starting with the cloud platform and are using free tier resources, be aware of when and how those limits reach an end. Otherwise, you might see an unexpected bill on your credit card.

Storage

  • Use data encryption at rest and in transit. Have a rotation policy for the encryption keys.
  • Provision automatic backup for critical data. Have a setup for easy restoration of the data. It might help you more than you can imagine.
  • Do not assign public access to storage services such as blob storage and databases.
  • Move older and infrequently used data to cold storage to save costs.
  • Lastly, there are a lot of storage options on the cloud, which can get confusing. Do proper research based on your use case, and then select the right one.

Security best practices are never-ending and can be applied gradually to your projects. These practices can be treated as a good starting point for your projects. I will be adding more advanced ones in the upcoming articles.

Hope you found something new to learn here. To get more useful information, join my Discord server here.

Devashish Patil

Cloud Engineer at Google | IITR Alumnus