The core security principles of all cloud environments implemented on root360's hosting platform closely follow the AWS security principles described in the "AWS Security Best Practices". This includes a strict "shared responsibility" model for all AWS services, divided between “security of the cloud” and “security in the cloud”. See https://aws.amazon.com/compliance/shared-responsibility-model/
This includes, but is not limited to:
Scope: Security of the cloud
Responsibility: AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Scope: Security in the cloud
Responsibility: root360's responsibility will be determined by the AWS Cloud services that are taken into managed service. This includes the configuration work of root360 as part of its security responsibilities.
Details
Integration of secure global AWS infrastructure using Regions, Availability Zones and Service Endpoints
AWS Load Balancers with implemented detection and prevention techniques
PCI-DSS readiness of several AWS Cloud services
Secure access strategy for multiple AWS accounts
Strong authorization policies for IAM users, groups, and roles e.g. use of instance profiles (IAM Roles) for EC2 instances
Protection of stored data by using standard encryption for e.g. S3, EBS, RDS
Protection of transferred data by enabling HTTPS by default
Only allowing encrypted OpenSSH access to each environment via a dedicated Bastion host
Communication out of or into the cloud environment passes through controlled security groups and network access control lists (NACL)
Permanently protected operating systems through a strict security patch management policy based on master AMI (Amazon Machine Image) from OS vendors with long-term support (Ubuntu 18.04 LTS or a newer LTS version)
AWS Load Balancers with implemented detection and prevention techniques
Network-side separation of externally reachable and unreachable systems
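One way to verify the bastion-only SSH rule and the controlled security groups listed above is the following added example, which is not root360's own tooling. It assumes input in the shape returned by `aws ec2 describe-security-groups` and a known bastion security group ID; all group IDs and CIDRs in the sample are constructed.

```python
# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs and CIDRs are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1",  # all protocols and ports, so SSH is included
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]}

SSH_PORT = 22

def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP/22."""
    if perm["IpProtocol"] == "-1":          # "-1" means every protocol/port
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def ssh_violations(groups, bastion_id):
    """Return (group, source) pairs where SSH is reachable from anything
    other than the bastion's security group."""
    found = []
    for sg in groups:
        if sg["GroupId"] == bastion_id:
            continue                         # the bastion itself may accept SSH
        for perm in filter(covers_ssh, sg.get("IpPermissions", [])):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                        if p["GroupId"] != bastion_id]
            found += [(sg["GroupId"], s) for s in sources]
    return found

if __name__ == "__main__":
    for group, source in ssh_violations(SAMPLE["SecurityGroups"], "sg-bastion"):
        print(f"{group}: SSH reachable from {source}")
```

Rules with protocol `-1` or a wide port range are reported because they expose port 22 even though they never name it.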