Easy Cloud prides itself on providing a range of security options that you can use to ensure that private information is protected and secure. By following these ten best practices, you can increase the security of your AWS, Azure or other cloud environment.
- Note: If you are ever in doubt about the security of your cloud infrastructure, feel free to contact Easy Cloud directly. In the event of a suspected security breach, you should submit a ticket with the subject “Security” along with the details. Alternatively, you can send email to security@easycloud.ws.
By following the best practices listed in this document, you will reduce the risk of a security breach. However, even the best security policies will fall short if they are not followed. Easy Cloud strongly recommends that end users be trained to follow the best practices and ensure a secure environment.
Increase password security for your end users
Increasing the password requirements for customers can help to prevent unauthorized users from guessing your end users' passwords. At the highest level of security, end users are required to choose a new password every 90 days.
You should also require your administrators and end users to select unique passwords for their Easy Cloud account. In other words, they should use a password that they are not also using for other external cloud systems. If one account is hacked and a password is discovered, the hacker's access will be limited to just that one account.
Finally, you can require 2-factor authentication wherever possible.
Never give out user names, email addresses, or passwords
While there is a fine line between meeting the needs of your users and maintaining security, the best practice is that Easy Cloud customers never give out usernames, account IDs, access keys, or passwords.
If you're using a third-party single sign-on authentication system such as Active Directory, Open Directory, LDAP or SAML, passwords are reset through those services rather than in Easy Cloud.
Be aware that hackers sometimes use social engineering techniques to pressure people into helping them out by giving them a password for an account. In some cases, they do this by contacting customer service personnel during evenings or weekends when they suspect there are fewer senior staff working. They may even claim that there's been a security breach and that the password needs to be reset immediately to some new text that they provide.
Some hackers have tools that enable them to spoof email addresses to impersonate users from legitimate email domains. As a result, even what appears to be a legitimate email request from a user may not be from that actual address. If someone who claims to be an administrator or user of an account contacts you, you should note the IP address (this is shown in the events and notifications view in tickets), and independently verify his or her identity (for example, by calling them at the phone number in their user profile). If in doubt, never provide any sensitive information or make account changes on someone else's behalf. Legitimate users should be able to change their account settings using the methods described above.
We recommend that you educate your end users about these types of security risks and also create a security policy that everyone knows and can refer to when these incidents occur.
Encourage end users to monitor their user account
Since end users have a more privileged role, they can be the canary in the coal mine, indicating when a hacker has just gained unauthorized access to your Easy Cloud infrastructure. To secure future access, an intruder may add a new email address to an admin profile and then initiate a password reset.
If you see a new login from a suspicious location, remove that device to end the session, then choose a new password.
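The two signals described above (a login from a location never seen before for that user, and a new email address added to a profile shortly followed by a password reset to that address) can be checked mechanically over an audit trail. This is an added example, not Easy Cloud's own tooling; the event tuples, field names and the 30-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, user, action, detail).
# Logins carry "ip/location"; email_added and password_reset carry the email used.
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "login", "203.0.113.5/Berlin"),
    ("2024-05-02T09:05:00", "alice", "login", "203.0.113.5/Berlin"),
    ("2024-05-03T02:14:00", "alice", "login", "198.51.100.77/Unknown"),
    ("2024-05-03T02:16:00", "alice", "email_added", "recovery@example.net"),
    ("2024-05-03T02:20:00", "alice", "password_reset", "recovery@example.net"),
    ("2024-05-03T10:00:00", "bob", "login", "192.0.2.10/Paris"),
]


def new_location_logins(events):
    """Flag logins whose ip/location has never been seen for that user.

    The user's first login establishes the baseline and is not flagged.
    """
    seen = defaultdict(set)
    flagged = []
    for ts, user, action, detail in events:
        if action != "login":
            continue
        if seen[user] and detail not in seen[user]:
            flagged.append((ts, user, detail))
        seen[user].add(detail)
    return flagged


def takeover_pattern(events, window=timedelta(minutes=30)):
    """Flag a password reset sent to an email added to the same account within `window`."""
    added = {}  # user -> (time the email was added, email)
    flagged = []
    for ts, user, action, detail in events:
        t = datetime.fromisoformat(ts)
        if action == "email_added":
            added[user] = (t, detail)
        elif action == "password_reset" and user in added:
            t_added, email = added[user]
            if detail == email and t - t_added <= window:
                flagged.append((ts, user, email))
    return flagged


if __name__ == "__main__":
    print("new-location logins:", new_location_logins(EVENTS))
    print("takeover pattern:", takeover_pattern(EVENTS))
```

Both checks are deliberately simple; in practice the new-location baseline would be seeded from historical logins and the reset window tuned to the reset link lifetime.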
Remotely authenticate users with single sign-on
Some customers choose to use single sign-on, which authenticates your users outside of your Easy Cloud infrastructure. They typically log in to a corporate network and then access Easy Cloud Support by simply clicking a link, and are logged in automatically. All user management and authentication happens outside of Easy Cloud. JSON Web Token (JWT) is available, along with support for single sign-on using Security Assertion Markup Language (SAML).
We recommend that you and your users take advantage of the two-factor authentication (also known as multi-factor authentication) that these services provide. This adds another layer of protection by requiring additional proof of identity. If you're using JWT or SAML, you'll need to set this up for your Easy Cloud infrastructure.
About password security levels
Typically, there are various password security levels:
Low - Each password must have at least 5 characters.
Medium - Each password must have at least 6 characters and meet the following requirements:
- Includes numbers and mixed case letters
- Includes a special character that is not a letter or number
High - Each password must have at least 6 characters and meet the following requirements:
- Includes numbers and mixed case letters
- Includes a special character that is not a letter or number
- The password expires after 90 days and the new password must be different from the 5 previous passwords
Custom - Each password must meet the requirements that you set. Among the options, you can set the period before the password expires. This security level is available only for end users and admins.
- Note: If JWT or SAML authentication is enabled, passwords won't expire because they are not stored in Easy Cloud.
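The Low, Medium, High and Custom levels above can be expressed as one policy object and checked with a single validator. This is an added example, not Easy Cloud's own code; the class and function names are assumptions, and the SHA-256 history hash stands in for whatever slow, salted hash a real password store would use.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class PasswordPolicy:
    name: str
    min_length: int
    complexity: bool = False             # digits, mixed case and a special character
    expiry_days: Optional[int] = None    # None: passwords never expire
    history: int = 0                     # how many previous passwords may not be reused


# The three fixed levels from the article; "Custom" is any other PasswordPolicy instance.
LOW = PasswordPolicy("Low", 5)
MEDIUM = PasswordPolicy("Medium", 6, complexity=True)
HIGH = PasswordPolicy("High", 6, complexity=True, expiry_days=90, history=5)


def pw_hash(password: str) -> str:
    # Illustrative only: a real store uses a salted, slow hash (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def check_new_password(password: str, policy: PasswordPolicy, previous_hashes=()):
    """Return the list of violated rules; an empty list means the password is accepted."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.complexity:
        if not re.search(r"\d", password):
            problems.append("no digit")
        if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
            problems.append("not mixed case")
        if not re.search(r"[^A-Za-z0-9]", password):
            problems.append("no special character")
    # Only the most recent `history` hashes count (previous_hashes is oldest first).
    if policy.history and pw_hash(password) in list(previous_hashes)[-policy.history:]:
        problems.append(f"reuses one of the last {policy.history} passwords")
    return problems


def password_expired(policy: PasswordPolicy, last_changed: date, today: date) -> bool:
    """True once the expiry period has elapsed; SSO-backed (JWT/SAML) accounts never expire."""
    if policy.expiry_days is None:
        return False
    return today - last_changed >= timedelta(days=policy.expiry_days)
```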
Password security best practices
Consider posting an article in your Help Center to remind your end users about password best practices. Common recommendations include:
- Never use the same password for more than one account
- Never share your password
- Never write down your password
- Never communicate your password by telephone, email, or instant messaging
- Log off before leaving a computer unattended
- Change your password whenever you suspect it's been compromised