If you are planning to host a server on a cloud infrastructure , be sure you implement the following 10 security best practices.
1. Ransomware and other malware
Ransomware is the most dreaded cyber attack where the hacker encrypts all your sensitive data and demands a ransom for decryption. Ensure that the cloud infrastructure protects your resources and data from malware and ransomware attacks.
2.DDOS attack defense
DDOS , which stands for distributed denial of service attack is launched on websites to make them non serviceable. This would create downtime and loss of trust and revenue. Ensure that the cloud infrastructure has necessary security appliances or services which would identify and block DDOS attacks
3. Data backup
Ensure that there is a proper data backup policy in place. It should be possible to recover the data in the event of any unforeseen incidents.
4. Data leaks and breaches
Data leaks can happen in various forms. An insider can copy data to a USB and use it outside the company network. Or a hacker can gain unauthorized access and transfer the data to other locations. The cloud infrastructure should have proper security mechanism which would prevent the occurrence of data leaks and breaches
5. OWASP TOP 10
OWASP , which stands Open web application security project is a foundation which works on web application security threats and testing mechanisms. The OWASP top 10 lists the top 10 cyber attacks targeted on web applications. The cloud infrastructure should have proper security appliance or service like web application firewall which would block the OWASP top 10 and other web security attacks.
6. Penetration testing of infrastructure
Penetration testing is a process by which you understand how hackers can gain access to your networks and applications by conducting test scenarios replicating hackers. Though the responsibility of application penetration testing is with you, the penetration testing of the infrastructure on which your solution is hosted is also to be done. Periodic penetration testing of the cloud infrastructure should be conducted, and reports should be available for verification.
7. Secure Data at rest and in transit
Data at rest and in transit should be secured using appropriate encryption. For example, data in transit would be a communication between the client (browser) and the server, which should be secured using SSL.
8.Scope of Security monitoring
Ensure that the cloud infrastructure has a proper security monitoring process which would help identify threats before they occur. This would significantly prevent down time of the application.
9. Server downtime in the event of an attack or unforeseen incident.
Appropriate measures should be implemented ,which would ensure that the server and appropriate application should up in minimal time, in the event of an attack, or any other unforeseen incident.
10. SSL inspection
SSL inspection is the process by which SSL packets send between the client and the server is inspected using firewalls. This would ensure that the malware and other threats hidden in SSL is blocked. Since the majority of internet now works on SSL, this feature or service should be implemented on the cloud infrastructure.