Security in IT boils down to 3 tenants: Confidentiality, Integrity, and Availability. They refer to the privacy, fidelity, and accessibility of an application and the data within. Amazon Web Services is the world’s largest hyperscale cloud platform and Rackspace is their premier master services provider. As a result of this partnership Rackspace builds, deploys, and manages infrastructure on AWS for many hundreds of customers spanning thousands of accounts.
Security is a shared responsibility. AWS is responsible for the security of the cloud, Rackspace deploys infrastructure based on AWS Security Best Practices, and TheFormTool ensures the security of our application.
Access to customer data is restricted by account credential, by individual, by machine, and by digital location.
Here is a breakdown that discusses what TheFormTool has put in place to secure the infrastructure, access, and the Aurora database.
Access to the environment
A Web Application Firewall provided by CloudFlare serves as the first access point into the environment. It scans application layer traffic and protects against DDoS attack, SQL injection, cross-site scripting. It has the capability to block individual IP’s in addition to IP’s from entire geographic regions (countries) that traffic should never come from. This service is managed by CloudFlare with input from TheFormTool. Sucuri provides SSL and PCI-compliant firewall, malware, hack and brute-force protection, as well as disaster recovery.
From Cloudflare, traffic is then passed to the Virtual Private Cloud built by Rackspace residing in the AWS’ US East 1 Region (Virginia). The ingress point in the environment determines the appropriate direction to send traffic and rules are in place that limit the ports the infrastructure can be accessed over.
AWS Identity Access Management governs the roles and permissions of each piece of the infrastructure as well as users on the AWS account. The roles and permissions are customizable, and Rackspace operates them under the philosophy of “least permissions”, granting only the minimum of what is needed to a user or component of the environment.
None of the servers within this environment are public facing, meaning technical access cannot be achieved without the use of a VPN or a bastion service with explicit credentials. Rackspace provides a bastion service where a temporary instance is created that technical users can login to in order to access the environment to troubleshoot or update. These credentials are temporary and user-specific and terminate after a set period of time.
Access to this bastion service can only be achieved by Rackspace or by credentialed users provided to Rackspace by TheFormTool. Multifactor authentication is available as an added security measure for users on the account. Technical users must login to Rackspace with username and password and multifactor authentication. Only then can they create a request for a temporary bastion server limited to a specific user in order to access the servers.
Monitoring & Logging
CloudWatch is an AWS-native monitoring solution that can be configured to monitor and send alerts to TheFormTool and Rackspace that include usage, availability, and traffic thresholds. Rackspace is able to quickly act on these alerts through its 24x7x365 AWS support engineering team.
Compass is a customized Rackspace tool which correlates data related to the environment, including scans running over 400 best practice checks, against the security and optimization of the environment. Outputs from these scans can be used by the customer and Rackspace to identify and close any potential vulnerabilities within the infrastructure.
This environment is not housed in a single datacenter. The virtual private cloud spans multiple availability zones (datacenters) to promote fault tolerance. If one availability zone were to go out (highly unlikely) all traffic is routed to the secondary server in another availability zone. This can drastically reduce the recovery time objective associated with a datacenter failure ensuring uptime and availability of the infrastructure should that occur.
Auto Recovery is in place on the servers should an instance fail. If a failure is detected, the instance will automatically reboot in the same configuration as before.
Data is backed up daily.