O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576

users, the terms least user access or least-privileged action account are also used, referring to the concept that all user accounts at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible.

Benefits of LEAST principle in cloud:

Better service stability—When cloud services are limited in the scope of changes they can make to a system, it is easier to test their possible actions and interactions with other applications.

Better service security—When code is limited in the system-wide actions it may perform, vulnerabilities in one application cannot be used to exploit the rest of the cloud service environment.

Ease of deployment—The fewer privileges an application requires, the easier it is to deploy within a larger environment. This usually results from the first two benefits. Applications that install device drivers or require elevated security privileges typically have additional steps involved in their deployment.

Grant least privilege (Implementation)

Apply fine-grained permissions to ensure that IAM users have least privilege to perform only the tasks they need to perform. Start with a minimum set of permissions and grant additional permissions as necessary. For privileged actions, don't share security credentials, such as access keys, between accounts. Instead, use IAM roles. You can define a role that specifies what permissions the IAM users in the other account are allowed, and from which accounts the IAM users are allowed to assume the role.

A least privilege policy should require that all access to its infrastructure, application, and data be controlled based on business and security requirements. Under the principles of segregation and least privilege, service changes and maintenance are split between multiple teams.
The operations team should be responsible for maintaining the production environment, including code deploys, while an engineering team should develop features and code in development and test environments only. Software development teams should not ever access the production system directly. In all cases, administrative access is based on the concept of least privilege and is tied to "Action" roles, not users; users should be limited to the minimum set of privileges required to perform their day-to-day organizational functions (e.g., email, drive shares, user application access, etc.).

For privileged actions, use roles. As previously discussed, a role is essentially a set of permissions that grant access to actions and resources in the cloud. These permissions are attached to the role, not to an IAM user or group.

8 | Chapter 4: Cloud Computing Foundational Security Leading Practices
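One way to check a role against the guidance above, as an added example that is not from the book: a small Python audit of a role's trust policy (which accounts may assume it) and its permissions policy (what it may do). The function names, account IDs and bucket name are constructed for illustration.

```python
def as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_permissions(policy):
    """Flag Allow statements broader than named actions on named resources."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"permissions[{i}]: NotAction/NotResource allows everything not listed")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:  # catches "*", "s3:*" and prefixes such as "s3:Get*"
                findings.append(f"permissions[{i}]: wildcard action {action!r}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"permissions[{i}]: applies to every resource")
    return findings

def audit_trust(policy, allowed_accounts):
    """Flag principals allowed to assume the role from outside the approved accounts."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            # "*", a bare account ID, or an ARN whose fifth field is the account ID
            account = p.split(":")[4] if p.startswith("arn:") else p
            if account == "*":
                findings.append(f"trust[{i}]: any AWS principal may assume the role")
            elif account not in allowed_accounts:
                findings.append(f"trust[{i}]: unapproved account {account}")
    return findings

# Constructed sample policies; account IDs and bucket name are placeholders.
LOOSE_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": [
        "arn:aws:iam::111111111111:root", "arn:aws:iam::999999999999:user/build"]}}]}
LOOSE_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
TIGHT_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-deploy-artifacts/*"}]}

if __name__ == "__main__":
    for finding in audit_trust(LOOSE_TRUST, {"111111111111"}) + audit_permissions(LOOSE_PERMS):
        print(finding)
    print("tight policy findings:", audit_permissions(TIGHT_PERMS))
```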
