This is not a far fetch scenario; this actually happens to many cloud users; Experienced and newcomers.
Here are some Pro Tips for you for using the cloud in a more secure and responsible way:
ProTip 1: Define quotas for your subscription:
Something went wrong, and someone managed to access your machines. They are trying to use it for doing bad stuff. Don't get me wrong, cryptocurrencies are not necessarily bad, but it's bad if you pay for someone else coins without getting any value out of it. Make sure to define quotas for your subscription.
You most likely won't leave a blank check at the restaurant, then why would you do it with the cloud? be aware of the costs! Set quotas!
ProTip 2: Use key vault for storing passwords and credentials:
What is a Key Vault? let's look at Microsoft Azure definition:
" Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs). Small secrets are data less than 10 KB like passwords and .PFX files."
ProTip 3: Make sure no one is storing password and credentials in their code:
Use tools like Security Analysis as part of your CI/CD (continuous integration/continuous deployment) process. These tools will alert and fail the build if credentials are stored in plaintext. Failing the build in this scenario is a good thing that will increase security awareness and poster cautious behavior in your R&D.
ProTip 4: Define RBAC - Role-Based Access Control:
Try to avoid as much as possible of defining services with Admin control. Nevertheless, try to avoid as much as possible creating code that uses admin control. Someone might be able to access your machine and leverage that code. Itβs not always possible to avoid providing admin control but should be something we aim for. Learn more about the various roles that can be defined on Azure here.
This is a shortlist of consideration one should take when onboarding and planning the journey to the cloud. Security should be taken very seriously as it impacts the business directly. Make sure to poster awareness by enforcing tools, spark conversations in the team and mention it during code reviews.
Remember this: Not everyone needs to be a security expert. BUT! your environment security is as strong as the weakest link in the chain.
π€ What are your best practices for creating a more secure cloud environment? Share in comments!
Have concerns? would you like to share feedback? send me a private message on twitter.
Want to learn more! here is a 5 hours free course that you can greatly benefit from.
Top comments (8)
Thanks for sharing! Would you recommend doing the course even if not using Azure or is it completely designed for Azure?
Hi Jasterix! The course goes over basic concepts of cloud security like various types of encryption, shared responsibility, identity and access, what is a DDoS attack, firewall and more. All of them are relevant to all clouds and private data centers. The examples used are on Azure cloud.
thank you! I'm excited to start
Wow this problems always some people use to trick others... Hmmm l am here for that problems... Here go there are Top.10 most hackers use most ...
1,,injection.
2..Broken access control
3..
Bet l will teach you how to beat up quality...
Thanks Adi! I'm always looking for tips on security best practices. :)
thanks, AmberJ!
a known attack vector is redis, when redis is accessible by external incoming requests is possible to store open ssl keys and store that in .ssh/ then the attacker will have full server access
Not sure how it related to Redis? Redis is in-memory database. can you elaborate more?