Servers located directly on the internet run one of the highest risks of being compromised. It’s just too easy for hackers to find an open “door” or “window” into those servers and then tap into confidential data, systems and information. Companies can’t afford to put their private information at risk, but an increasing move to cloud-based business solutions inherently increases the risk associated with data.
The good news is, if your organization leverages cloud infrastructure, there are ways to mitigate the risk.
It takes vigilance—and constant upkeep—but cloud-based data on internet-based servers can be just as safe and protected as on-premises servers.
In this post, we highlight three steps you can take to significantly protect your infrastructure from being compromised and ensure that you are properly securing your servers.
Step 1: Shut Down Access
As admins install appropriate software packages and applications onto servers, invariably ports are opened and services are enabled. This makes a security breach for a hacker easier and easier. Essentially, the more ports and services you tamper with, the more surface area there is available for hackers.
Depending upon your architecture, see if you can keep ports open “behind” the firewall in a VPC environment. This helps ensure that the fewest possible ports are opened to the public-facing internet, but you’re still able to accomplish your job. You can also specify which servers or services communicate with your AWS machines if you happen to use them (or with your IaaS provider of choice).
Step 2: Patch Your Servers
If you have ports or services that are open publicly, it is imperative that they are patched to ensure you are securing your servers. Admins should be updating patches on their servers as often as new data or systems allow them to, for the most attainable risk-mitigated servers. To make effective patches, there are four main steps you can take:
- Stay informed about the most crucial updates to cloud computing (Microsoft releases updates monthly).
- Automate your patch process.
- Test your patches thoroughly and frequently to maintain the highest level patch and to anticipate any errors in your system that hackers could get around.
- Verify that all your patches are functioning as designed (this last step could include periodic scans with Microsoft Baseline Security Analyzer, or another vulnerability assessment tool, to make sure all servers are patched and up to date and/or spot-checking individual machines for proper patches).
Step 3: Tightly Control User Access
Finally, consider tightly controlling user access to all of your servers. Ideally, admins have complete control in administering access privileges, both individual and group, so that employees have the access they need to do their jobs and nothing more. This tight control limits the amount of access a hacker would have if one user’s identity was compromised. Limited access acts as an obstacle a hacker has to work around to get to his goal: your data.
The more granular an IT admin’s user control, the better the overall security for the organization.
To do this, apply standards of access permissions, authentication and authorization for your IT admins to implement. Double-check that permissions are accurate by checking individual devices and ensuring their permissions are correct. Additionally, implement IT technologies that automatically sync changes in user accounts. The technology you need should work seamlessly with Windows, Macs, Linux and other devices to prevent any terminated user ad hoc access to accounts due to their aberrational device.
Please note that this is a quick-hitter list. These should be the minimum things that you should be doing. Are all of your ports shut down? All servers patched? Are you sure you have control over everybody accessing your servers?
There are any number of additional tools, technologies and processes that you could use to help protect your cloud server infrastructure. IaaS is incredibly powerful. Take the steps that you need to take to protect you and your organization from being the next victim.