As alluded to in the CISA announcement above, certain security practices require frequent review. Here is an expanded list with relevance to cloud-based web applications:
- Audit public-facing network exposure
– Disable system access not needed for business & technical reasons
- Audit permissions and access to systems
– Ensure former employees or contractors no longer access systems
– Only allow permissions needed for people to do their jobs
- Install DDoS Protection and Web Application Firewalls
– Specialized software and hardware appliances can be installed to filter out attacks on web-facing applications
- Review Disaster Recovery and Business Continuity plans
– In the event of an attack, are your recovery plans secure and isolated from the systems in question?
- Review application layer security
– Adhere to secure development practices and scan web applications for OWASP Top Ten vulnerabilities
- Third-party integrations
– Review which extensions, plugins, integrations, and other marketing tools have access to or connect to your sites or data
Please let us know if you would like help on this or would like to discuss how to best ensure the security and stability of your workloads in the cloud.