Fine-Tuning Security For Your Cloud Environment

Wednesday, August 14, 2013

Bret Clement


As Brian Adler, senior cloud solutions architect at RightScale, recently wrote in his blog post “20 Ways to Fine-Tune Your Cloud Environment,” cloud deployments require tune-ups. Why? Over time, cloud deployments grow organically in ways that you never planned. Sometimes you have to do things quickly to solve an immediate issue and you never go back and do it by the book, and when things are working, there’s a tendency not to mess with them.

A tune-up of your cloud environment can potentially save you money and improve your performance.

Brian looked at 20 great ways organizations can fine-tune cloud environments across cost optimization, HA/DR and server utilization.

In terms of security, Brian offers a few tips:

1. Take Advantage of Security Groups

If the cloud you’re on provides security groups, use them. Security groups let you specify a range of IP addresses and a range of ports, and whether all the entries in each group are allowed in or not. You can nest security groups to set up an easy-to-manage hierarchy.

2. Check Your Firewalls

Look at your iptables rules and make sure that they’ve been enabled. Run the iptables recipe and check the output for ports that should not be open to the world and other potential problems. If you have open ports, make sure they need to be open, and make sure you know who they’re open to.

3. Deploy Security Updates

Just like in your data center, you need to make sure your cloud servers are up-to-date with the latest security fixes. For RightScale users, the latest version 13.5 of RightScale ServerTemplates™ has recipes to let you unfreeze security repositories for Ubuntu and upstream repos for CentOS and perform security updates, and we have similar functionality for Windows Updates as well.

4. Keep Secrets Secret

Think about how you are managing your cloud credentials. Use named credentials as placeholders for all sensitive inputs. Don’t expose things like passwords as plain text, which makes them visible to people with only observer privileges.
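The firewall check in tip 2 can be scripted. The following is an added example, not RightScale's iptables recipe or code from Brian's post: it reads `iptables -S` output and lists every INPUT port accepted from any source that is not on an allowlist. The sample rules and the `expected_public` allowlist are constructed assumptions.

```python
import shlex

# Constructed sample of `iptables -S` output (not taken from a real host).
SAMPLE_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8080,9000:9002 -j ACCEPT
"""

def parse_rule(line):
    """Map each option on one rule line to its value (True for bare tokens such as '!')."""
    tok, opts, i = shlex.split(line), {}, 0
    while i < len(tok):
        if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
            opts[tok[i]] = tok[i + 1]
            i += 2
        else:
            opts[tok[i]] = True
            i += 1
    return opts

def audit_input_chain(rules_text, expected_public=frozenset({"443"})):
    """Return the INPUT policy and every (proto, port) accepted from any source
    that is not in expected_public (a hypothetical allowlist of intended ports)."""
    policy, unexpected = None, []
    for line in rules_text.splitlines():
        if line.startswith("-P INPUT "):
            policy = line.split()[2]
        if not line.startswith("-A INPUT "):
            continue
        opts = parse_rule(line)
        if opts.get("-j") != "ACCEPT" or opts.get("-i") == "lo":
            continue
        state = opts.get("--state") or opts.get("--ctstate")
        if state and "NEW" not in state.split(","):
            continue  # only matches already-established traffic
        # A negated match ("!") is flagged conservatively for manual review.
        if opts.get("-s", "0.0.0.0/0") != "0.0.0.0/0" and "!" not in opts:
            continue  # restricted to a specific source range
        ports = opts.get("--dport") or opts.get("--dports") or "all"
        for port in ports.split(","):
            if port not in expected_public:
                unexpected.append((opts.get("-p", "all"), port))
    return {"policy": policy, "unexpected": unexpected}
```

On a server, pass the text of `iptables -S` to `audit_input_chain`. A result with policy `ACCEPT` and no INPUT rules means the firewall is not filtering inbound traffic at all.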

As Brian concludes, it is important for many reasons to clean up cloud deployment sprawl. In terms of security, this includes opening up only what you have to.

About the Author: Bret Clement heads global communications for RightScale.
