written by McKayl Turner 10/16/2020

Have you ever felt overwhelmed when looking at all of the services offered in the cloud? With so many services, it can be difficult to know where to start securing your cloud environment. We are here to help with 5 simple things you can do to improve your cloud security that will take 5 minutes or less. These steps are AWS-focused, but many of the concepts apply across cloud environments.

1. Set Up MFA on your Root Account

Your root account has all permissions in your environment. Even if you have security measures in place, many of them can be circumvented if your root account is compromised. One of the easiest ways to improve your cloud security is to set up multi-factor authentication (MFA) on your root account. This extra layer of protection will help make sure that your account is safe. You can follow these steps to enable MFA on your AWS root account: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

2. Create a User

Because your root account is so permissive, it is a good idea to log into it only when absolutely necessary. Set a long, complicated password for the root account and store that password in a secure location. Then create a user and use that user to log into your account. Here is a guide on how to do so:

https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html

This guide shows you how to create an administrative user. It is a good idea to give administrator permissions only to those who absolutely need them and to create all other users with least-privilege permissions.

3. Lock Down Unused Regions

Using service control policies (SCPs), you can lock down the regions that you are not actively using. This is a good security practice because it reduces the number of locations where a breach can occur and lets you focus your monitoring on the regions you use most. This example SCP will help you get started: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html

4. Create a Billing Alarm

Another simple way to protect your account is to set up billing alarms. Set a billing alarm at the level where you expect your spending to be. Then, if you are alerted that your bill is larger than expected, you will know that something unusual is going on in your account and can investigate further. Here is a guide on how to create a billing alarm: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

5. Enable CloudTrail

Finally, make sure that you enable CloudTrail so that you can audit the activity in your account. CloudTrail provides an event history that can help simplify security analysis, resource change tracking, and troubleshooting. You can also use CloudTrail to detect unusual activity in your AWS accounts. You can follow this link to get started setting up CloudTrail in your account: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
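
As an added example (not code from the original post or from AWS), the following Python sketch shows the kind of check CloudTrail data makes possible, tying together steps 1 to 3: it flags root account activity, root console sign-ins without MFA, and events in regions outside an allowed list. The allowed regions, the sample records, and the function names are assumptions made for illustration.

```python
import json

# Assumption: the regions this account actively uses (step 3). Global services
# such as IAM and console sign-in are usually recorded in us-east-1, so keep it listed.
ALLOWED_REGIONS = {"us-east-1", "us-west-2"}

def review_event(record, allowed_regions=ALLOWED_REGIONS):
    """Return a list of findings for one CloudTrail record (a dict)."""
    findings = []
    identity = record.get("userIdentity", {})
    if identity.get("type") == "Root":
        # Step 2: the root account should be used only when absolutely necessary.
        findings.append("root-activity")
        # Step 1: console sign-ins report MFA use in additionalEventData.MFAUsed.
        if record.get("eventName") == "ConsoleLogin":
            mfa = record.get("additionalEventData", {}).get("MFAUsed")
            if mfa != "Yes":
                findings.append("root-login-without-mfa")
    region = record.get("awsRegion")
    if region and region not in allowed_regions:
        findings.append("unused-region:" + region)
    return findings

def review_log(log_text, allowed_regions=ALLOWED_REGIONS):
    """Parse a CloudTrail log file body ({"Records": [...]}) and return
    (eventTime, eventName, findings) for every record that has findings."""
    results = []
    for record in json.loads(log_text).get("Records", []):
        findings = review_event(record, allowed_regions)
        if findings:
            results.append((record.get("eventTime"), record.get("eventName"), findings))
    return results

# Constructed sample records, trimmed to the fields the checks read.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-10-16T09:00:00Z", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2020-10-16T09:05:00Z", "eventName": "RunInstances",
     "awsRegion": "ap-southeast-1",
     "userIdentity": {"type": "IAMUser", "userName": "admin-example"}},
    {"eventTime": "2020-10-16T09:10:00Z", "eventName": "DescribeInstances",
     "awsRegion": "us-west-2",
     "userIdentity": {"type": "IAMUser", "userName": "admin-example"}},
]})

if __name__ == "__main__":
    for when, name, findings in review_log(SAMPLE_LOG):
        print(when, name, ", ".join(findings))
```

To run it against real data, pass the decompressed contents of a CloudTrail log file from the trail's S3 bucket to `review_log` and adjust `ALLOWED_REGIONS` to match your account.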

These are simple steps to help you secure your cloud. But we realize that security isn’t always this simple. We are here to help you secure your cloud whether it is a small or big job! 

Connect with us at contact@nephosec.com