Moving to the cloud can feel like an impending zombie apocalypse as you wonder who could gain access to your assets and launch attacks against your company once you migrate. Going into the unknown can be unnerving for many companies considering moving to the cloud. However, with the rapid growth and popularity of the cloud today, organizations are wondering not if they’ll move to the cloud, but when—and when they do, how they can take proactive measures to reduce risk exposure and stay safe.
In a recent webcast, Rapid7’s Head of Labs, Derek Abdine, shared the top cloud configuration mistakes organizations make and four rules to implement so you can migrate securely to the cloud. You can watch the full webcast here and read below for a recap.
Cloud security rule No. 1: Controlling access
Understanding who is gaining access to resources in your cloud environment is a big unknown for many organizations. The best way to prevent this from happening is to use temporary security credentials.
With just a simple search on GitHub, you can usually find zombie credentials or access keys unintentionally embedded within configuration files. This is not a fault of GitHub, but rather application developers who toss access keys into these files and accidentally commit them. This can happen even on content that gets indexed by Google. However, regardless of where they show up, you never want static access keys out in public.
One of the best ways to protect your account is to avoid using statically defined keys (especially for the root user) when you can. Instead, using temporary credentials or IAM roles can help to manage cloud access. Developers can ev ..
Support the originator by clicking the read the rest link below.
