In today’s world of cyberattacks and security breaches, it’s more important than ever for companies to actively take steps to protect their customer data and ensure customers can communicate with them in a secure way. Robust host and network level security is not easy to provide, and it’s even more challenging to achieve in distributed, fault-tolerant and hosting provider-agnostic environments.
Here are six best practices you can follow to secure your platform and keep customer data safe:
1. Establish internal standards
Every internal decision your team makes regarding security should be weighed against a list of predetermined philosophies and conventions. The list doesn’t need to be written in stone. In fact, it should be updated as problems are found and resolved. Having established internal standards forces teams to understand where they’re making trade-offs and helps with the decision-making process. Standards also help new engineers quickly understand why things are set up the way they are.
2. Secure by default
Following a convention of securing everything by default means that disabling any security service has to be done via an override or exception rule. This serves to enforce consistency across development, test and production environments.
As tempting as it is to poke a hole in the local firewall or to disable SSL when connecting to MySQL, companies don’t want to be making these types of security changes in their production or test environments. Setting your tools to automatically “do the right thing” keeps your engineers honest. Also, by having this kind of consistency, teams can debug security-related issues earlier in the development cycle.
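The "override or exception rule" pattern above can be made mechanical in the tooling that renders host configuration. The following is an added example, not PagerDuty's code: every control starts from a hardened default, and the only way to weaken one is an explicit `Override` record that names the setting, the environments it applies to, and the reason. The setting names, the data format, and the rule that overrides may only take effect in the development environment are assumptions made for this illustration.

```python
"""Secure-by-default settings resolution.

Added example, not PagerDuty's tooling. The setting names, the data format and
the rule that overrides apply only in development are assumptions made for
this illustration.
"""
from dataclasses import dataclass
from typing import Any, Dict, FrozenSet, List

# Every host starts from these values. Loosening any of them needs an explicit
# Override record; leaving a key out of a config never weakens anything.
SECURE_DEFAULTS: Dict[str, Any] = {
    "firewall_input_policy": "DROP",   # drop inbound traffic unless a rule allows it
    "mysql_require_tls": True,         # never talk to MySQL in the clear
    "ssh_password_auth": False,        # keys only
}

# Environments in which an override may take effect (assumption for this example).
# Production and test always run the defaults.
OVERRIDABLE_ENVIRONMENTS: FrozenSet[str] = frozenset({"development"})


@dataclass(frozen=True)
class Override:
    setting: str                  # key in SECURE_DEFAULTS
    value: Any                    # the weaker value requested
    environments: FrozenSet[str]  # where this exception is allowed to apply
    reason: str                   # the trade-off, written down


def validate(overrides: List[Override]) -> List[str]:
    """Return human-readable problems with a list of overrides (empty = all good)."""
    problems = []
    for ov in overrides:
        if ov.setting not in SECURE_DEFAULTS:
            problems.append(f"{ov.setting!r}: not a known setting")
        if not ov.reason.strip():
            problems.append(f"{ov.setting!r}: override has no documented reason")
        disallowed = ov.environments - OVERRIDABLE_ENVIRONMENTS
        if disallowed:
            problems.append(f"{ov.setting!r}: may not be overridden in {sorted(disallowed)}")
    return problems


def resolve(environment: str, overrides: List[Override]) -> Dict[str, Any]:
    """Compute the effective settings for one environment.

    Starts from SECURE_DEFAULTS and applies only the overrides that are valid
    and scoped to this environment. Any invalid override aborts the whole run,
    so a typo cannot silently leave a host on the wrong side of a default.
    """
    problems = validate(overrides)
    if problems:
        raise ValueError("; ".join(problems))
    effective = dict(SECURE_DEFAULTS)
    for ov in overrides:
        if environment in ov.environments:
            effective[ov.setting] = ov.value
    return effective


if __name__ == "__main__":
    dev_only = [Override("mysql_require_tls", False, frozenset({"development"}),
                         "local MySQL container has no certificate")]
    print("development:", resolve("development", dev_only))
    print("production: ", resolve("production", dev_only))
```

Because the same resolver runs in every environment, a developer who needs plaintext MySQL locally records that fact once, and production and test keep rendering the default without anyone having to remember to remove the hole later.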
3. Assume a hostile and flaky network
Many companies deploy all or part of their infrastructures to cloud hosting providers, whose networks they cannot control. Additionally, when infrastructure is deployed across multiple regions, a good chunk of data traffic goes over wide-area networks (WANs). This introduces the challenges of packet loss and high latency, as well as the possibility that intruders may try to eavesdrop on traffic.
With this in mind, companies should encrypt all data in flight and always assume that their data is flowing through networks where they have little visibility.
4. Be provider-agnostic
While there are a host of provider-specific tools — from security groups to virtual private clouds (VPCs) to rescue consoles — available to build your security network on, it’s important for companies to avoid vendor lock-in. A simple way to do this is to base your security tooling on commonly available Linux tools or installable packages, which eliminates your dependency on provider-specific security tools and leads to better stability. At PagerDuty, we leverage Chef to do most of this work for us and have built out nearly all of our tooling on top of it.
5. Centralize policy management and distribute policy enforcement
Most companies approach authentication, authorization, and access (AAA) by having single sources of truth for access control, and they then also use those sources of truth as an authorization mechanism. Examples of this include: using an LDAP server, using a RADIUS server, or using a perimeter firewall to store network policies. Instead of relying on these single sources of truth for both policy management and enforcement, companies should split out and distribute the enforcement pieces to the individual nodes in the network. When a change is introduced into the network, for example, the policy is updated in the single source of truth and then propagated to all of the nodes, each of which enforces its own part of it.
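What "distribute the enforcement pieces" looks like in practice is that each node derives its own local rules from the central policy rather than asking a central firewall or directory at request time. The following is an added example, not PagerDuty's Chef tooling: a small flow policy and inventory are the single source of truth, and each host renders only the iptables INPUT rules in which it is the destination. The policy and inventory formats are constructed for this illustration.

```python
"""Central policy, per-node enforcement.

Added example, not PagerDuty's Chef tooling. The policy and inventory formats
are constructed for this illustration; the output is plain iptables commands
that each node would apply to itself.
"""
from typing import Dict, List

# Single source of truth, version-controlled and edited in one place.
# A flow rule says: hosts of `src_role` may reach hosts of `dst_role` on port/proto.
POLICY: List[Dict[str, object]] = [
    {"src_role": "web",     "dst_role": "api", "proto": "tcp", "port": 8080},
    {"src_role": "api",     "dst_role": "db",  "proto": "tcp", "port": 3306},
    {"src_role": "bastion", "dst_role": "*",   "proto": "tcp", "port": 22},
]

# Inventory: hostname -> role and address (constructed sample).
INVENTORY: Dict[str, Dict[str, str]] = {
    "web-1":     {"role": "web",     "ip": "10.0.1.10"},
    "web-2":     {"role": "web",     "ip": "10.0.1.11"},
    "api-1":     {"role": "api",     "ip": "10.0.2.10"},
    "db-1":      {"role": "db",      "ip": "10.0.3.10"},
    "bastion-1": {"role": "bastion", "ip": "10.0.0.5"},
}


def render_input_rules(hostname: str, policy=POLICY, inventory=INVENTORY) -> List[str]:
    """Derive the INPUT chain for one node from the central policy.

    Each node only needs the rules in which it is the destination; it never
    holds, or needs to consult, the whole network's rule set at runtime.
    Default policy is DROP, so anything the policy does not mention is denied.
    """
    me = inventory[hostname]
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for flow in policy:
        if flow["dst_role"] not in ("*", me["role"]):
            continue
        # Resolve the source role to concrete addresses from the same inventory.
        sources = sorted(
            host["ip"] for host in inventory.values() if host["role"] == flow["src_role"]
        )
        for src_ip in sources:
            rules.append(
                f"iptables -A INPUT -p {flow['proto']} -s {src_ip}/32 "
                f"--dport {flow['port']} -m conntrack --ctstate NEW -j ACCEPT"
            )
    return rules


def render_all(policy=POLICY, inventory=INVENTORY) -> Dict[str, List[str]]:
    """Render every node's rule set; one policy edit re-renders all nodes."""
    return {host: render_input_rules(host, policy, inventory) for host in inventory}


if __name__ == "__main__":
    for host, rules in render_all().items():
        print(f"# {host}")
        print("\n".join(rules))
```

A configuration management run (Chef in PagerDuty's case) would call the equivalent of `render_input_rules` on each host and apply the result locally, so a lost link to the policy repository degrades to "last known good rules" rather than to an open or a dead firewall.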
6. Constantly validate
While all of the above serves to provide a robust security architecture, it’s important that teams validate their security measures to ensure that those measures are doing what is actually required.
Some companies will do quarterly penetration testing to test their system security, but, in a dynamic environment, that’s too slow. Teams need to actively scan, monitor, and alert on any change that is not expected. This enables dev and ops teams to catch problems quickly if a mistake is made and, if there is actual malicious behavior, alerts teams to the problem immediately.
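One concrete form of "scan, monitor, and alert on unexpected changes" is to compare what a host actually exposes with what its role says it should expose, on every run rather than once a quarter. The following is an added example, not PagerDuty's monitoring: it parses `ss -ltn` style output for listening sockets and reports both unexpected listeners (a debug service someone left bound to all interfaces) and missing ones (the service that should be up). The expected-port table per role and the sample `ss` output are constructed for this illustration.

```python
"""Continuous validation: detect unexpected listening services.

Added example, not PagerDuty's monitoring. It compares what a host is actually
listening on (parsed from `ss -ltn` style output) against what its role is
expected to expose. The expected-port table and the sample output are
constructed for this illustration.
"""
import re
from typing import Dict, List, Set, Tuple

# What each role is expected to have listening (assumption for the example).
# Tuple is (bind address, port); "0.0.0.0" means reachable from the network.
EXPECTED_LISTENERS: Dict[str, Set[Tuple[str, int]]] = {
    "api": {("0.0.0.0", 22), ("0.0.0.0", 8080)},
    "db":  {("0.0.0.0", 22), ("0.0.0.0", 3306)},
}

# Constructed sample of `ss -ltn` output from an api host: someone started a
# debug service on 9000 bound to all interfaces, and the API process is down.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:25        0.0.0.0:*
LISTEN  0       4096    0.0.0.0:9000        0.0.0.0:*
"""

# State, Recv-Q, Send-Q, then "address:port"; the address may itself contain
# colons (IPv6 in brackets), so the port is the digits after the last colon.
_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_listeners(ss_output: str) -> Set[Tuple[str, int]]:
    """Extract (address, port) pairs for LISTEN sockets from `ss -ltn` text."""
    found = set()
    for line in ss_output.splitlines():
        m = _LINE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found


def check_host(role: str, ss_output: str, expected=EXPECTED_LISTENERS) -> List[str]:
    """Return alert strings for drift between expected and observed listeners.

    Loopback-only sockets are reported at lower severity since they are not
    reachable from the hostile network, but they are still unexpected.
    """
    observed = parse_listeners(ss_output)
    wanted = expected[role]
    alerts = []
    for addr, port in sorted(observed - wanted):
        severity = "INFO" if addr.startswith("127.") else "CRITICAL"
        alerts.append(f"{severity}: unexpected listener {addr}:{port} on {role} host")
    for addr, port in sorted(wanted - observed):
        alerts.append(f"CRITICAL: expected listener {addr}:{port} missing on {role} host")
    return alerts


if __name__ == "__main__":
    for alert in check_host("api", SAMPLE_SS_OUTPUT):
        print(alert)
```

Run from a periodic job, the non-empty return of `check_host` is the signal to page: the listener list and expected table can both come from the same source of truth that renders the firewall, so a change that someone made by hand on one box shows up as drift on the next run instead of at the next pentest.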
At the end of the day, your customers want to know that their data is secure. More importantly, they want platforms and providers they can trust. Arm your teams with the best practices they need to keep systems secure and available, and you’ll see customer satisfaction — and ROI — improve as a result.
Evan Gilman is an operations engineer at PagerDuty