20 Point Cloud Security Checklist

This 20 point cloud security checklist helps security auditors to audit security of cloud infrastructure.

Authentication - Ensure the prevention and detection of compromised cloud user accounts
Authorization - Ensure the prevention and detection of any privilege escalation of user accounts
Update - Ensure the latest security patches installed for operating systems, applications, and code
Encryption - Ensure storage and sharing of sensitive data by using NIST approved encryption mechanisms, rotation of keys, and access control. Check Cryptography Interview Questions and Answers.
Authentication - Ensure centralized identity provider to accessing and managing multiple cloud user accounts
Logging - Ensure configuration of logs of any security incidents, policy violation, authentication success and failures, authorization failure, application and system start-up, shutdown, etc.
Authentication - Ensure multi-factor authentication for cloud admin users
Logging- Ensure identification of any unusual activity by analyzing logs regularly
Communication - Ensure usage of industry-approved SSL/TLS certificates
Authorization - Ensure only required fewer privileges for cloud users. Avoid using root or highest privileged account for managing.
Communication - Ensure access is restricted for unused or non-required well-known ports such as FTP, ICMP, SMTP, SSH, Remote desktop, etc.
Communication - Ensure restricted access to outbound access
Incident Response - Ensure incident response plan ready for any unexpected event
Incident Response - Ensure the incident response drill happens once a year
Confidentiality - Ensure protection of data (data at rest) by using NIST approved algorithms.
Communication - Ensure the rotation of SSH keys periodically. Check SSH Interview Questions and Answers.
Network Security - Ensure prevention of network attacks such as DoS attacks, man-in-the-middle (MITM) attacks, etc.
Network Security - Ensure firewall-related services properly configured. Check How to secure Network Firewall
Virtualization - Ensure best practices should be followed for virtualization related technologies. Check Virtualization Security Checklist
Confidentiality - Ensure the use of mechanisms to secure sensitive data

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published.