By David Nicholls, Cloud Engineer
The recent incident of an exposed email server has yet again shone a glaring light on a not-so-uncommon problem for all businesses. Allegedly, one human error, not setting a password, exposed an email server to the world. With the number of attacks on corporations and government annually, who wants to leave security to human error? Thankfully, it’s already fixed, and the server is once again safe. We should all use this as a learning experience and take the time to focus on the security aspects of applications and infrastructure.
Whether this server was following the STIG for Windows Server (https://public.cyber.mil/stigs/downloads/), or whether this incident was willful negligence, inexperience, or something else entirely, isn’t the point. Microsoft Azure, Amazon Web Services, Google Cloud, Oracle Cloud, and other cloud providers have a multitude of built-in security tools that come at little to no cost, comparatively speaking. Each of these cloud providers has built-in automation for alerting on security events, misconfigurations, and potential vulnerabilities, and you can integrate most other security applications with these tools to build a robust SIEM (Security Information and Event Management) solution.
Follow the links to get an overview of the built-in security tools and find out how you can work these tools into your overall security plan:
AWS (Amazon Web Services) - https://aws.amazon.com/products/security/
Microsoft Azure - https://azure.microsoft.com/en-us/explore/security/
Google Cloud - https://cloud.google.com/solutions/security
Oracle Cloud - https://www.oracle.com/security/cloud-security/
Many of the tools can be deployed in a matter of minutes. With little work, you will have a full-blown SIEM before you even get to the addition and configuration of any other required security applications and systems. In general, it’s a good idea to combine all security services into a single account that has direct access to every IT (Information Technology) system and through which all ingress and egress traffic flows, so that it serves both for traffic monitoring and as an attack barrier. Plus, it helps with the overall management of the security infrastructure.
Security incidents happen, and there will always be bad actors. Please make the investment upfront to prevent a very costly incident.