11 exercises to ensure your enterprise is 'cloud fit'

-


A cloud environment is like the human body. It can be viewed in different "states"and is a continuously evolving and adapting entity that requires constant vigilance in order to ensure it’s operating at its optimal state. That optimal state can be achieved through fitness, and when it comes to the cloud, getting fit is one of the best ways to eliminate vulnerabilities and threats that could cause damage. We're not necessarily talking about the equivalent of benching 500 pounds or running a marathon. Rather, there are some basic, but critical, steps that an enterprise can and should take in order to be fit and prepared to keep data safe from bad actors.

It's impossible to know where the next attack on your cloud will originate, but you should have a solid awareness of the different components of your cloud stack and how to manage them. In the context of the structure of your cloud, it helps to break them down according to the parts of the cloud that, by design, allow access, process data, and/or perform any type of collaboration, communication, and transaction.



If that seems like it covers every corner and surface area of your cloud, it does. Preparing for hacks and intrusions is a full-time effort; like the workings of the body, security never stops. The cloud is flexible and supports an organization's efforts at agility, and these are among the many reasons why so many enterprises are choosing a cloud-first approach in their technology and business practices. But, that flexibility has to be balanced with rigorous attention to potential risk.

There are 11 "exercises" that you can do to help guide you towards being a fitter cloud user. These steps are meant to minimize the impact of human error when it happens (and it ALWAYS happens) and encourage a more defensive mindset within your organization. By coupling these steps with security automation, you will create the necessary security posture that can ward off hacking attempts before bad actors can find a hole.

Here’s a quick rundown of the steps we propose in your organization’s effort to get "cloud fit":

Exercise #1 -- Disable Root Account API Access Key: Because of the change in root user use recommendations and the addition of IAM in AWS, it is recommended that you disable, or even better, delete the AWS root API access keys.
Exercise #2 -- Enable MFA Tokens Everywhere: AWS recommends multi-factor authentication, and as a fairly simple thing to implement, it should be required of all users, both inside and outside your organization.
Exercise #3 -- Reduce IAM Users with Admin Rights: How much access does a user or application need in order to perform the task? What is the risk if the key is lost or compromised? Make sure you provide access just to those who need it.
Exercise #4 -- Use Roles for EC2: AM credentials frequently get compromised, and we know this can be avoided when IAM roles are created for EC2.
Exercise #5 -- Least Privilege: Get a handle on management of access to applications, buckets, services, and other aspects of your cloud infrastructure so access is given only to those who absolutely need it.
Exercise #6 -- Rotate all the Keys Regularly: Per AWS best practices, credentials, passwords and API Access Keys should all be rotated on a regular basis. If a credential is compromised, this limits the amount of time that a key is valid.
Exercise #7: -- Use IAM Roles with STS AssumeRole: Ensure user adoption while enforcing strict IAM management and usage policies.
Exercise #8 -- Use AutoScaling to Dampen DDoS Effects: A more effective solution for absorbing and managing DDoS attacks: AutoScaling.
Exercise #9 -- Do Not Allow 0.0.0.0/0 Unless You Mean It: This helps block unwanted traffic and manage the threat surface.
Exercise #10 -- Watch World-Readable and Listable S3 Bucket Policies: Be judicious about how you create and manage your S3 policies, which is especially timely in light of these recent headline-gathering issues from Verizon, WWE, and Dow Jones.
Exercise #11 -- CloudTrail and Encryption: Enable AWS CloudTrail to enable logs.
No one lowers their cholesterol with one trip to the gym. Fitness is a continuous goal, not a unique state. And if you follow through with these exercises, you'll find that your enterprise and all the layers of your cloud will truly become stronger, more resilient, and less vulnerable.



Source : Betanews

Popular posts from this blog

OnePlus Releases OxygenOS 4.5 OTA For OnePlus 3 and OnePlus 3T

-
Image
OnePlus has just announced the release of OxtgenOS 4.5 OTA for the OnePlus 3 and OnePlus 3T. The new update brings in a number of new additions to the stable OxygenOS for these devices, as well as various system stability and battery improvements. Lift up Display, a feature previously limited to the OxygenOS beta channel has now finally made it to the stable version with this new update. That means users can now peek at their notifications simply by lifting the device up from the surface, without actually waking up the device by double tapping the screen or pressing the power button. The new update also adds a Gaming Do Not Disturb mode to help gamers better focus on their gameplay by effectively blocking out heads-up notifications and sounds. This last addition has been in the stable ROM of the OnePlus 5 since the device arrived, so it’s nice to see it get to the hands of OnePlus 3 and 3T owners. Other notable changes include the ability to show network speed in the st
Read more

Black Friday saw the lowest price yet for the Roomba j7 from iRobot.

-
Image
  Prices for the iRobot Roomba j7 series have reached record lows. With the Roomba j7 being $250 less expensive than usual, and the Roomba j7+ being $200 less expensive. https://linkjust.com/lKbjkgDZ59WMURB3L2omZ    The auto-empty dock is the only difference between these two variants. The auto-empty dock for the Roomba j7+ is included, and it can keep enough dust and debris for the robot vacuum to run for nearly two months. Unless you add the Roomba Combo j7, the Roomba j7 is still the most recent robot from iRobot. It was released over a year ago. The guarantee that iRobot provided helped the j7 gain a lot of popularity. Pet poop avoidance is guaranteed by iRobot, or they'll replace the j7 series for nothing. Its P.O.O.P. policy, which stands for Pet Owner Official Promise, includes this. But it must be pretty good if iRobot is so certain that it will avoid pet waste, right? It is.    Additionally, the j7 boasts "PrecisionVision," a revolutionary system integrated insid
Read more

Report: Incredibly Accurate GPS Chips are Coming to Smartphones Next Year

-
Image
GPS on smartphones today can be hit or miss for a lot of people. There are times in which it is actually right on point, but then there are other times that it seems to pin you on a completely different street, usually taking far too long to correct itself. Android has tried to improve this by triangulating your location from a number of sensors including GPS, WiFi, Cellular, etc. However, this issue could be coming to an end soon as Broadcom has just unveiled a new GPS chip that is said to bring 30-centimeter accuracy. Most GPS chips in smartphones today claim to be within 5 meters of accuracy when it comes to determining your location. As mentioned, Android tries to improve this by using data from other components in your smartphone. For instance, you’re only using the GPS sensor in your smartphone if you have the location mode set to Device Only. A lot of people will bump this up to Battery Saving mode though and it will try to figure out your location using WiFi, Blueto
Read more