It’s easy to create a new cloud account in AWS, GCP or Azure – you can be up and running in the public cloud in seconds – but when something is that simple to set up, it can be easy to whiz past one of the most important steps: securing your cloud account to prevent unauthorized access to your valuable cloud resources. MFA (multi-factor authentication) is a simple measure you can take to improve your cloud security.
When you first set up an AWS account, Amazon creates a “root” user for you with overarching permissions to the entire AWS account. The wizard guides you through the very first steps you need to take to secure your account and prevent malicious access to your cloud resources.
One of the steps that both AWS and Google Cloud recommend you take, shortly after setup, is to secure access to your account by requiring people to use multi-factor authentication to log in to your cloud account. MFA (or 2FA) involves at least two stages to the normal login procedure – one governed by a username and password, and one governed by a unique security code generated by a device or application that is directly tied to a single user’s cloud account.
So why is MFA so important for securing your cloud accounts? We asked nubeGO CEO, Fernando Hönig, why you should consider adding an extra layer of security with MFA.
“Using MFA for your cloud accounts is as important as the lock on your front door. Entrance locks have evolved over the years; we now have keys and locks with multiple combinations. The same goes for passwords and the ways that we authenticate against our systems. Cloud is one of many systems where we need to put our best effort into keeping it secure. Sometimes (as with door keys) our passwords can be cloned or identified by someone else; but if we also add a second key or a second method to authenticate ourselves with our systems, we are adding another layer of complexity to the situation which makes our systems more robust in terms of trust and authentication.”
You can also apply 2-factor authentication security measures to your Google Cloud accounts. Both GCP and AWS support hardware security keys and virtual MFA devices such as Authy or Google Authenticator, apps for your mobile device that can generate MFA codes for all the applications you use that require 2-factor authentication. You can find out more about securing your public cloud accounts by reading the security best practice guidelines for AWS and GCP.
As your adoption of cloud technologies grows, it is important to build in best-practice cloud security measures from day one. Secure your object stores (such as S3 or Google Cloud Storage), VPC security groups, IAM permissions model, public HTTP endpoints and inter-service communications using the principle of least privilege.
For advice on securing your Cloud environments, contact one of our Solution Architects.