September 14, 2020
For some, the cloud has an almost mystic allure: people imagine there is a magic wand you wave and it just works. There is no wand, and it is easy to take what the cloud does for you for granted. One of the first things that comes to mind is security. The cloud touts itself as more secure, but it should never be a question of whether you will be hacked, or whether someone will try; it is a question of when, and of how you will respond. You need to think about security first. If security is thought through and planned first, it causes fewer issues later: instead of worrying about locking down the system and what that means, you have already locked it down and can work with it being secure.

Think about the developer KISS principle. Keep complexity low and simple, especially to start. Make sure the system does its job, but keep it simple; if you are newer to this, complexity adds confusion, and confusion leads to hidden holes. For most things in the cloud you need to follow the model of least privilege. Permissions are additive, so it is easy to give someone more permission than they need. People should have only enough permission to do their normal day-to-day work; if they need more, there are ways to elevate their permissions temporarily.
One of the biggest lessons I can offer is to learn from others. Because the cloud touts everything as secure, it is easy to assume the provider just does things for you. Some things they do, such as encrypting storage at rest, but many things they don't. If you Google "Leaky Bucket AWS S3", you will see how people failed to look at what access they were granting on their storage. People tend to treat the cloud the way they would treat servers on-prem, and that is a big issue. If you have two servers, you should require them to validate each other before they communicate. You cannot leave security to the provider; you need to manage it yourself using the Zero Trust model.
People assume their existing legacy tools will work. They might, but they will probably not be as effective. This is why things like Kanban boards, repos, and pipelines have been created: the goal is to plan better, collaborate better, and get things done faster.
In an upcoming post, we will dive further into this, looking at both the process and the tools.