
Twenty Rules for Amazon Cloud Security - chaostheory
http://broadcast.oreilly.com/2008/11/20-rules-for-amazon-cloud-security.html
======
wmf
There's an assumption here that you use EC2 even though you don't trust
Amazon. What is the cost of this assumption?

It would be interesting to separate these rules into universal ones and EC2
ones. I suspect that in many cases, following all these rules would add enough
cost to offset any savings of using EC2.

------
rgrieselhuber
A lot of these rules apply to more than just Amazon's cloud. If you're
deploying to any one of the major hosting providers out there, it's critical
to understand where you should be encrypting network traffic, etc. This is
especially true as most of the affordable service providers don't provide any
real DMZ-type support for the machines you rent.

------
mmmurf
In other words, how to shave the yak for about 6 months setting up a
complicated security infrastructure.

These may all be good practices, but how many of them assume that Amazon
itself will get hacked?

For an entrepreneur on a budget, isn't #20 the most important one?

~~~
delano
How does encrypting data and not allowing passwords for shell accounts affect
your budget?

~~~
wmf
I suspect that many sysadmins have little experience with dm-crypt and all the
key management you'd need with it, so learning and installing that stuff has a
cost. And you better test thoroughly, because losing a key could mean losing
all your data.

------
bob_dole
Aren't you in an enclosed network subnet within your own cloud in EC2?

~~~
emmett
No, you share network subnet space with (an arbitrary number of) other EC2
users.

------
apollo
How about Google App Engine?

