This shows you the differences between two versions of the page.
wiki:policies:cloud [2021/11/18 18:42] katcow |
wiki:policies:cloud [2023/10/11 06:18] (current) kholub |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Cloud Security ===== | ===== Cloud Security ===== | ||
+ | |||
+ | ==== Standards Compliance ==== | ||
+ | |||
+ | Our development team designs and maintains architecture, | ||
+ | |||
+ | Being that CIS updates recommendations, | ||
==== Changes to the Cloud Environment ==== | ==== Changes to the Cloud Environment ==== | ||
+ | Changes to the Cloud Environment include: | ||
+ | |||
+ | * Provisioning new compute & storage resources | ||
+ | * Updating configurations & base images for compute & storage resources | ||
+ | * Updating Virtual Private Cloud & Security Group rules | ||
+ | * Provisioning new subnet IPs | ||
+ | * Modifying DNS records | ||
+ | * Updating TSL certificates | ||
+ | |||
+ | All changes are subject to: | ||
+ | |||
+ | * A change to deployment, architecture & cloud environment documentation in the codebase | ||
+ | * A review of the methodology and documented changes | ||
+ | * The developer requesting changes must explain any risks associated with the change, mitigations, | ||
+ | * Advance testing in our staging environment | ||
+ | * Requirement of generating a rollback strategy | ||
+ | * Requirement of providing a full audit log of actions taken upon deployment | ||
+ | * Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer. | ||
+ | |||
+ | **Notification of Changes: | ||
==== Cloud-related Access Policy ==== | ==== Cloud-related Access Policy ==== | ||
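Review bot: The "All changes are subject to" list requires "A review of the methodology and documented changes" without saying who performs it, and the last item leaves verification to "the release engineer", so as written the person making a change could also review and verify it. Suggest naming the reviewer role and stating that it must be someone other than the developer requesting the change. Separately, "Updating TSL certificates" in the first list should read "TLS certificates", and the two "Requirement of ..." items would read better in the same form as the other bullets (for example "A documented rollback strategy").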
- | Security training for Cloud-related access and data management | ||
+ | Only release engineers are provided access to the Cloud Environment via IAM. Release engineer accounts have minimal necessary authorizations to make environmental changes and run standard deployments; | ||
+ | |||
+ | ==== Training & Certification ==== | ||
+ | |||
+ | All Nested Knowledge developers with production access (release engineers) receive at minimum AWS Cloud Practitioner certification. New release engineers are supervised during their first 5 deployments or Cloud Environment modifications. | ||
==== Compliance Statement ==== | ==== Compliance Statement ==== | ||
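Review bot: The Training & Certification paragraph says release engineers "receive at minimum AWS Cloud Practitioner certification" but does not state whether certification must be complete before production access is granted, and it does not say who supervises the first 5 deployments. Suggest stating both. The removed line covered security training for "Cloud-related access and data management"; the replacement lines visible here do not mention data management, so confirm that training on it is still required somewhere in the policy.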
- | All Employees and Contractors who access Nested Knowledge’s information systems will be provided with and required to review the Cloud-Related Access Policy. | + | All Employees and Contractors who access Nested Knowledge’s information systems will be provided with and required to review the Cloud-Related Access Policy. |
+ | |||
+ | ===== Revision History ===== | ||
+ | |||
+ | ^Author^Date of Revision/ | ||
+ | |K. Holub|2/ | ||
+ | |K. Cowie|11/ | ||
+ | |||
+ | [[: | ||
+ |
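Review bot: The Compliance Statement still requires Employees and Contractors to review only the Cloud-Related Access Policy, while this revision adds Standards Compliance, Changes to the Cloud Environment and Training & Certification sections to the same page. Suggest updating the statement to say whether those sections are also part of the required review, or stating explicitly that only the access policy applies to non-release-engineer staff.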