cloud computing security
Cloud Computing Security
Anshul Patel
Security Classification
● Cloud Computing Instance Security
● Cloud Networking Security
● Cloud Storage Security
Cloud Computing Instance Security
● CLI access to computing instances should go through a bastion server.
● CLI access to computing instances should use key-based authentication, not password-based authentication.
● CLI access to computing instances should be encrypted and use a secure protocol.
● Users should access the computing instance with their own corresponding key.
● LTS releases of the operating system should be used.
● Periodic security patches should be applied via configuration management.
● For critical hosts, a HIDS should be implemented.
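An added example, not part of the original slides: a small audit of an OpenSSH `sshd_config` against the key-based access bullets above. It assumes the instance runs OpenSSH, reads only the global section (no `Include` files or `Match` blocks), and treats `PermitRootLogin no` as this example's reading of the per-user-key bullet; the two configs are constructed samples.

```python
# Added example: report sshd_config settings that still allow password logins.
# Assumptions: Include files and Match blocks are not evaluated, and
# "PermitRootLogin no" is this example's reading of the per-user-key bullet.

# keyword: (OpenSSH default when the keyword is absent, value required here)
CHECKS = {
    "pubkeyauthentication": ("yes", "yes"),
    "passwordauthentication": ("yes", "no"),
    "kbdinteractiveauthentication": ("yes", "no"),
    "permitrootlogin": ("prohibit-password", "no"),
}
# Deprecated keyword still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Resolve the value sshd would use for each checked keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional blocks are out of scope for this example
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)  # sshd keeps the first value it reads
    return {k: seen.get(k, default) for k, (default, _) in CHECKS.items()}

def audit(text):
    """Return {keyword: effective value} for every setting that fails."""
    eff = effective_settings(text)
    return {k: v for k, v in eff.items() if v != CHECKS[k][1]}

# Constructed samples. In WEAK the later "no" is ignored: the first value wins.
WEAK = """PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
"""
HARDENED = """PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The weak sample shows why a grep for `PasswordAuthentication no` is not enough: an earlier `yes` line takes precedence, and an absent keyword falls back to a default that may still permit passwords.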
Cloud Networking Security
● Applications/platforms should have their own corresponding subnets.
● Only public-facing applications/platforms should be in public subnets (DMZ).
● Non-public-facing applications/platforms should be in private subnets with access to a NAT gateway.
● The computing instance firewall should allow traffic from desired ports and hosts only.
● Sensitive information should always be transferred over SSL when crossing a public network.
Cloud Storage Security
● Sensitive information should be encrypted at rest.
● Access to data should be either role-based or policy-based.
● Only the targeted audience should be able to access the data.
● API keys, application passwords, and certificates should be stored in a Key Management System.
● Access (read/write) to sensitive data should be logged.
● Sensitive data should be replicated.