Your cloud provider is not your security provider - surprised?
Although the cloud and cloud services are not new to the market, there is still a prevailing opinion that when a company moves to the cloud, it can get rid of security costs because they are included in the price.
But they are definitely NOT included in the price. It may not be talked about loudly enough, but the savings that moving from an on-premise solution to the cloud makes possible are in a variety of areas other than security.
When a business moves to the cloud, it no longer has to worry about hardware, it can save on consumption and the need for maintenance and troubleshooting. All of that yes. But nowhere on that list will you find the elimination of the cost for security and the professionals who provide it.
Why? Because leaving on-premise doesn’t mean leaving IT. Even if you can’t see the cloud infrastructure, similar principles and processes still apply.
Basic Principles
The first important point that you must keep in mind is the immediate update and upgrade of the operating system to the latest stable version. When your provider provides you with an environment where you can deploy a virtual machine (VM), you specify the operating system you want the machine to run. These OS images are pulled from the image bank made available by the provider.
Updates and upgrades come out all the time, so it’s not in the provider’s power to keep those images up to date. It is up to you. And then, of course, reboot.
The second important point is the protection of the virtual server from intrusion from the outside. If you are deploying a server, make sure that either
- it is not immediately connected to a public IP address
- or you have the option of password protection.
It’s best to be able to use the SSH key option or at least choose your own password when you order the service.
The third important point concerns accessibility from the Internet. You need to clarify if and which ports should be available. For example, a website must be accessible from the Internet, so there the choice is clear. But then there are other systems that you use, and there is no need to have them accessible from the outside. Then use a VPN, and all aspects of your business will send you a thank you note.
How to Deploy Virtual Servers Securely
Now we will look at the procedure that will reveal the big secret to you – how to safely deploy a virtual machine, what to watch out for and most importantly – why you need to keep a system administrator (SA) and a network engineer in your company, even if you already have company IT in the cloud.
Do not be surprised: we describe the deployment of a Linux server.
- SSH key – before you even get to the server itself, it is ideal if you can upload an SSH key to the environment and immediately increase your security ranking.
- Private Network – Once you’ve gotten around to deploying a clean VM with only the OS installed, deploy it on a private network. At that moment, your server can see the Internet, but it does not exist for the Internet.
- Correct ports – In the firewall, you then set the ports that will be open from the outside. And here we see the first need for the cooperation of the SA and the network operator. You need to find out which ports actually need to be open, if any, and how to modify the system so that it does not compromise the security of the entire environment.
- Current version – And then there is a point that we have already encountered. Update, upgrade and reboot.
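A read-only check for the SSH key and port steps above, as an added example that is not part of the original article: it flags sshd settings that still accept passwords and lists ports listening on non-loopback addresses outside an allowlist. The sample inputs are constructed, and the allowlist (22, 443) and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `sshd -T` output (effective sshd configuration).
SAMPLE_SSHD='port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes'

# Constructed sample of `ss -H -tln` output (listening TCP sockets, no header).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 *:9100 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*'

# Print a finding for each sshd setting that still allows password or
# unrestricted root logins (stdin: output of `sshd -T`).
ssh_findings() {
    awk '$1 == "passwordauthentication" && $2 == "yes" { print "password-login-enabled" }
         $1 == "permitrootlogin"        && $2 == "yes" { print "root-login-permitted" }'
}

# Print ports listening on non-loopback addresses that are not in the
# allowlist passed as arguments (stdin: output of `ss -H -tln`).
unexpected_ports() {
    awk -v allow=" $* " '
        {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # drop the trailing port, keep the address
            sub(/^.*:/, "", port)       # drop the address, keep the port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is not exposed
            if (index(allow, " " port " ") == 0) print port
        }' | sort -n -u
}

# On a real host (as root): sshd -T | ssh_findings
#                           ss -H -tln | unexpected_ports 22 443
printf '%s\n' "$SAMPLE_SSHD" | ssh_findings
printf '%s\n' "$SAMPLE_SS"   | unexpected_ports 22 443
```

A listening socket is only a candidate exposure: whether it is reachable from the Internet still depends on the provider firewall and on the network the VM sits in.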
If you have now experienced moments like
- What is it …?
- We didn’t know that…
- We didn’t do that…
- We thought it was not necessary…
and the like, remedial steps need to be taken because security is a very fragile thing – if you don’t take care of it properly, it will shatter with just a little pressure. This can result in data loss, ransom demands, architecture loss, or the use of your environment to attack another environment. You may then wonder how much it costs to clean up an IP address, for example.
Cloud security is partly the provider’s responsibility – they’re unlikely to give you access to a data center to put bars in there (that’s an exaggeration, of course). But a large part of that responsibility lies and always will lie with you. It is the area that cannot be seen and that only experts know.
A system administrator understands the needs of your business, how it works, and knows how IT needs to work to keep the business running. The network operator is there to work with the SA and ensure that the coverage of the company’s needs is done safely.
We have commonly encountered virtual private servers (VPS) delivered with all ports open to the Internet. It’s like putting a giant target on yourself with a red arrow and “Attack here” written on it. However, this arrow points to an online environment where you have, for example, sensitive data.
Don’t take security lightly. We can say that nowadays cyber terrorism is widespread – we never know who will become a victim of cyber crime, and it can be really anyone. But you have an opportunity to take away attackers’ ability to attack you, so take advantage of it and ask what needs to change.