3. Cloud Computing Instance Security
● CLI access to computing instances should go through a bastion server.
● CLI access to computing instances should use key-based authentication, not
password-based authentication.
● CLI access to computing instances should be encrypted and use a secure protocol.
● Each user should access computing instances with their own corresponding key.
● LTS releases of the operating system should be used.
● Periodic security patches should be applied via Configuration Management.
● For critical hosts, HIDS should be implemented.
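The key-based, non-password requirement above can be checked mechanically. The following is an added example, not part of the original checklist; it assumes CLI access is served by OpenSSH, and the sample configurations in it are constructed.

```python
# Added example; assumes CLI access is OpenSSH. Include files are not followed.
# OpenSSH's built-in defaults for the keywords checked here.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Values required for key-based, non-password login.
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}
# Deprecated keyword still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit(config_text):
    """Return sorted findings; an empty list means only key login is enabled."""
    effective, findings, in_match = {}, [], False
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # later lines apply only to matching sessions
        elif key not in REQUIRED:
            continue
        elif in_match:
            if value != REQUIRED[key]:  # conservative: flag any weakening
                findings.append(f"Match block sets {key}={value}")
        else:
            effective.setdefault(key, value)  # sshd keeps the first value seen
    for key, want in REQUIRED.items():
        got = effective.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    return sorted(findings)

# Constructed sample configs (not taken from any real host).
WEAK = """\
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "key-only login enforced")
```

The WEAK sample shows two easy-to-miss cases: a later "PasswordAuthentication no" does not override an earlier "yes", and a Match block can re-enable passwords for a subset of clients.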
4. Cloud Networking Security
● Applications/platforms should each have their own corresponding subnet.
● Only public-facing applications/platforms should be in public subnets (DMZ).
● Non-public-facing applications/platforms should be in private subnets with access
to a NAT gateway.
● The computing instance firewall should allow traffic only from the desired ports
and hosts.
● Sensitive information should always be transferred over SSL when it crosses a
public network.
5. Cloud Storage Security
● Sensitive information should be encrypted when stored at rest.
● Access to data should be either role-based or policy-based.
● Only the targeted audience should be able to access the data.
● API keys, application passwords, and certificates should be stored in a Key
Management System.
● Access (Read/Write) to sensitive data should be logged.
● Sensitive data should be replicated.