Our customers’ security is our highest priority. Our products act as your DevOps team and we take the responsibility of making sure your infrastructure is secure from malicious attacks and human errors very seriously.
While Cloud 66 products provide a lot of information, guidance and security improvements out of the box, preventing human error and malicious acts need everyone to work together.
Over the years, we’ve seen cases of disgruntled former employees or contractors who have caused more damage to a company’s reputation and uptime than any outside agent would have been able to. To help our customers with their online and offline infrastructure security, here is a list of what you can do in Cloud 66 to improve things greatly. Over the course of next months, we will be rolling out more features and tools to make this even easier for all of our customers.
Don’t share accounts
This might seem obvious, but actually is one of the most common cases of security issues we see. A couple of years ago we waived all charges for new team members to make sure our customers no matter the size always create individual accounts for each of their team members. Sharing the main account (owner) is specifically more dangerous as it has great powers over the stacks and applications it controls.
Use strong passwords
While not specific to your Cloud 66 account, choosing a strong password and rotating them regularly is always a good practice for any online service. Remember your security is as weak as your weakest point, so a weak password for your account can open backdoors to other systems, no matter how protected they are. Consider adopting a password manager like 1Password or LastPass both of which support Team and/or Business accounts.
Learn more about using team account.
Use two-factor authentication
All Cloud 66 accounts support 2FA (two-factor authentication). Enabling 2FA in your Cloud 66 account is very easy and protects you against the risks of password compromises to a great degree.
Learn more about 2FA.
Pay attention to our security warning emails
I know, who reads emails! But our security warning emails might just be the only type of email you want to pay attention to. We employ sophisticated methods to protect your accounts from a malicious takeover, ranging from TOR endpoint access to login attempts from geographically removed parts of the world within a short period of time and a lot more. All of those signals are collected and analyzed to generate security warning emails, every time we think someone might be trying to take over your account. Setting up a filter in your email client to bring these emails up and paying attention to them can help a lot with stopping the bad guys and quickly as possible.
Regularly check the audit logs
Every action taken in your Cloud 66 account is logged alongside time and IP address. Checking those actions regularly can help you define patterns of behavior which you can spot if things “just don’t look right”.
Learn more about Audit logs.
Grant permissions to your team on a per need basis
A lot of permissions in all Cloud 66 products can be assigned to a team member or their team. It’s always a good idea to grant those as and when they are needed and be more permissive with those rights gradually instead of restricting them over time. These permissions include access to deploying applications to certain cloud accounts or requiring at least 2 people to sign off on deployment, as well as many more fine grained permissions.
Enable server delete protection
This setting is enabled by default on all accounts. When on, server delete protection stops your actual servers on your cloud provider to be deleted when someone deletes a stack or application by mistake. Even with the server delete protection off, we delay the actual deletion by up to 24 hours so you can reach out to our support team and rescue the servers before they are gone for good.
Learn more about server deletion settings.
These are some of the ways you can improve the security of your Cloud 66 account. Over the next few months, we will be rolling out more features and tools to help you improve your production and infrastructure security.
Stay safe and stay tuned!