Cloud Security Best Practices for application, servers and network

Application Security

  • Single Sign-On
  • Application Integrity
  • Vulnerability Scanning
  • Virtual Patching

Single Sign-On in the cloud

Application Integrity Check

Vulnerability Scans in Applications

Virtual Patching for Legacy Code

Network Security in Cloud

  • Network segmentation
  • Network Session Protection
  • Network Monitoring
  • Traffic Encryption

Session Protection

Types of Session Hijacking Attacks:

  • Cross-Site Scripting (XSS): Attackers exploit vulnerabilities within servers to inject scripts (JS, Active Directory, DOS) via web pages and retrieve information.
  • Session Side Jacking: Attackers sniff network packets to get the session key from session cookies, then impersonate the user to perform malicious actions. These attacks are even more likely when employees access company assets via public Wi-Fi or an unsecured hotspot.
  • Session Fixation: Attackers supply their own session key and trick the user into accessing a vulnerable server with it.
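
The following is an added example, not code from the original article, showing server-side defenses against the three attacks listed above: cookie flags against script theft and sniffing, and session ID rotation at login against fixation. All function names are hypothetical, and the in-memory `Map` stands in for a real session store.

```javascript
// Added example: minimal session handling (all names are hypothetical).
const { randomBytes } = require('node:crypto');

const sessions = new Map(); // session id -> { user }

function newId() {
  return randomBytes(32).toString('hex'); // 256-bit unguessable id
}

// Resolve the session for a request. An id the server never issued
// (for example one chosen by an attacker) is discarded, not adopted.
function getSession(cookieId) {
  if (cookieId && sessions.has(cookieId)) {
    return { id: cookieId, user: sessions.get(cookieId).user };
  }
  const id = newId();
  sessions.set(id, { user: null });
  return { id, user: null };
}

// On login, retire the pre-login id and issue a fresh one, so an id
// planted before authentication never becomes an authenticated session.
function login(oldId, user) {
  sessions.delete(oldId);
  const id = newId();
  sessions.set(id, { user });
  return id;
}

// HttpOnly: the cookie is not readable by injected script (XSS theft).
// Secure: the cookie is sent only over TLS (sniffing on open Wi-Fi).
// SameSite: the cookie is not attached to cross-site requests.
function sessionCookie(id) {
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed fixation scenario: the victim logs in while holding an id
// that the attacker also knows.
function demo() {
  const planted = getSession(null).id;   // valid anonymous id known to attacker
  const victim = getSession(planted);    // victim's browser presents it
  const fresh = login(victim.id, 'alice');
  return { planted, fresh,
           attackerView: getSession(planted).user,
           victimView: getSession(fresh).user };
}
```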

Network Monitoring

Network Traffic Encryption

Server/Host Security in cloud

  • Install anti-malware and antivirus software; you can purchase them from Microsoft, Symantec, etc.
  • Store the encryption keys created in your VMs in Azure Key Vault, or in AWS Key Management Service (KMS) on the AWS cloud.
  • Protect your server by running frequent backups. Try Azure Backup, which does not need any CapEx to set up and provides complete protection of your application data.
  • Protect against unplanned outages by implementing Site Recovery, which keeps your applications and servers running so that your organization meets its business continuity and disaster recovery objectives. Azure Site Recovery helps to protect both on-premises and cloud workloads from disasters.
  • Secure SQL data using Transparent Data Encryption (TDE) and column level encryption (CLE).
  • Encrypt virtual machine disks: to encrypt your VMs' disks, try the Azure Disk Encryption solution.
  • Run patch updates consistently and frequently.
  • Prevent unauthorized access on your VMs by implementing SSO (Single Sign On) and using identity-based access controls.

Summary

References

I am a Senior Software Architect, mentor & successful PluralSight Author, professionally I am an expert at Angular, Express, Node.JS, Object Oriented Design but with a particular focus on Service Oriented Architecture, DDD, MEAN stack and Asp.Net.

Rupesh Kumar Tiwari

Pluralsight Author, Developer and Trainer. I help students and professionals to become Full Stack Software Developer in less than a Year.