What are the best practices of Software Security in Cloud?
Some of the best practices of Software Security in cloud are:
- Protect data in transit: During transmission of data from one place to another place, we should use secure socket layer (SSL). This is usually done by HTTPS protocol. To do this we need a certificate from a reputed certification authority like VeriSign. Based on the certificate the server can be authenticated by a client browser.
- Virtual Private Cloud: We can create virtual private cloud by using Amazon VPC. This can help us in isolating the servers logically within AWS cloud. This can ensure that data transfer is secure within our virtual private cloud.
- Protect data at rest: In case we have sensitive information like- Date of Birth, SSN, Passwords etc., we can encrypt this data. So that even if someone gets a copy of the data they cannot decrypt it easily. In Amazon S3, we should always encrypt the sensitive data.
- Protect AWS credentials: In AWS there are different types of credentials. We AWS access keys that are used for accessing REST API. Since these keys are sent over web, we should use HTTPS protocol so that these cannot be compromised or tampered during transit.
- Embedding Credentials in AMI: Some people make the mistake of embedding AWS credentials in Amazon Machine Image (AMI). We should pass these credentials as an argument during the launch of an AMI.
- Key Rotation: We should keep rotating the secret access key on a regular basis. So that even if it is compromised, it can not be used.
Read the full book at www.amazon.com