Secure your infrastructure. If you have been reading my posts on installing a Zero Trust security framework, thank you! You may have been wondering when I would get around to this topic. In fact, you would be in good company if you had expected securing your infrastructure to be the first topic I discussed.
Today I will go through some steps I recommend you take to secure your infrastructure. I am going to focus on public cloud, but my comments also apply if you are running on a private or hybrid cloud platform.
But first, I want to address a question some customers have posed.
“My applications and data are all in the public cloud. So, my cloud provider will take care of security, right?”
Securing Your Infrastructure: It’s On You
Sorry to rain on your parade, friend. If you are running your applications and storing your data in Google Cloud, Microsoft Azure, or Amazon Web Services, you do get some relief when it comes to securing your infrastructure. The cloud provider is responsible for providing physical (datacenter) security, perimeter security and a few other things. Here are some responsibilities you still own as you secure your infrastructure.
- You may need to keep your server operating systems up to date with the latest security patches.
- And you certainly must keep your applications up to date.
- It is a good idea to define the minimum software configuration (Operating System as well as applications) that will provide an acceptable level of security.
Monitor Your Infrastructure for Unusual Activity
Remember that a guiding principle of Zero Trust is to “assume breach.” Securing your infrastructure goes well beyond preventing hacker access. You will want to consider what you expect your applications and data to do in normal situations. And you will want to set up alerts for unexpected activity. Are you seeing numerous file downloads? Is the antivirus software being turned off?
You can set policies to restrict external access, lock databases, block changes to the Operating System and so on, in those cases where you are confident that the suspicious activity is likely to be harmful. Set the alerts. Remediate automatically where you can. Monitor the rest to see what you can automate when the tools get better at spotting dangerous activity.
Pay Attention to Your Administrator Accounts
We often find that customers have too many superuser or Global Administrator accounts. You can secure your infrastructure better if you limit the number of these accounts. As well, you will want to limit when these accounts have access and what functions they can perform. If you are not running IT around the clock, you can restrict administrator access to working hours (plus a before/after time cushion). If you are running 24/7, you know which administrator accounts are on duty in each time zone, so limit access for all off-duty administrator accounts.
While you are at it, this would be a good time to implement Role-Based Access Control for your administrator accounts. Assign roles and let policies determine what those roles can and cannot do.
Turn on audit logging and review the logs for administrative activity (a SIEM can help automate some of this review). Confirm that the behavior you are seeing is what you expected to see.
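As an added example (not from the original post), here is a small Python detector that applies three of the checks described above to audit log events: Global Administrator sign-ins outside working hours (with the before/after cushion), antivirus being turned off, and numerous file downloads by one account. It also lists the distinct privileged accounts it sees. The event schema and sample events are constructed for illustration, not a real provider's log format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample audit events in a hypothetical schema (not a real provider's log format).
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:15:00", "user": "alice", "role": "GlobalAdmin", "action": "SignIn"},
    {"time": "2024-03-04T02:40:00", "user": "bob", "role": "GlobalAdmin", "action": "SignIn"},
    {"time": "2024-03-04T18:30:00", "user": "alice", "role": "GlobalAdmin", "action": "SignIn"},
    {"time": "2024-03-04T11:00:00", "user": "carol", "role": "User", "action": "AntivirusDisabled"},
] + [
    {"time": f"2024-03-04T13:{m:02d}:00", "user": "dave", "role": "User", "action": "FileDownload"}
    for m in range(12)  # twelve downloads in twelve minutes
]

def in_working_hours(ts, start_hour=8, end_hour=18, cushion_hours=1):
    """True if ts falls inside [start - cushion, end + cushion). Hours assumed to be UTC."""
    hour = ts.hour + ts.minute / 60
    return (start_hour - cushion_hours) <= hour < (end_hour + cushion_hours)

def detect(events, download_threshold=10, **hours):
    """Return (rule, user) alerts for the three conditions discussed in the post."""
    alerts = []
    downloads = Counter()
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        if e["action"] == "SignIn" and e["role"] == "GlobalAdmin" and not in_working_hours(ts, **hours):
            alerts.append(("admin_signin_off_hours", e["user"]))
        elif e["action"] == "AntivirusDisabled":
            alerts.append(("antivirus_disabled", e["user"]))
        elif e["action"] == "FileDownload":
            downloads[e["user"]] += 1
    for user, n in downloads.items():
        if n >= download_threshold:
            alerts.append(("mass_download", user))
    return alerts

def admin_accounts(events):
    """Distinct privileged accounts seen; the post recommends keeping this list short."""
    return sorted({e["user"] for e in events if e["role"] == "GlobalAdmin"})

if __name__ == "__main__":
    for rule, user in detect(SAMPLE_EVENTS):
        print(f"ALERT {rule}: {user}")
    print("Global admins seen:", admin_accounts(SAMPLE_EVENTS))
```

The 18:30 sign-in is not flagged because it falls inside the one-hour cushion after an 18:00 close; tighten or widen the window with the `start_hour`, `end_hour` and `cushion_hours` arguments.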
Take Advantage of the Security Tools Available
Your public cloud provider (especially the major ones I mentioned above) has tools you can use to secure your infrastructure. For instance, Azure offers Azure Blueprints to manage resource configurations and block deployment of resources that don’t match those configurations. Public cloud providers also have tools to segment your network within your tenant. You can also define network security groups and application security groups to further control allowed access and functions.
Whether you are working with a private cloud, a public cloud or a hybrid, be sure to ask the hard security questions. Work with your provider to set the security guidelines you want, enforce compliance, and monitor for problems.