There's an assumption here that you use EC2 even though you don't trust Amazon. What is the cost of this assumption?
It would be interesting to separate these rules into universal ones and EC2 ones. I suspect that in many cases, following all these rules would add enough cost to offset any savings of using EC2.
A lot of these rules apply to more than just Amazon's cloud. If you're deploying to any one of the major hosting providers out there, it's critical to understand where you should be encrypting network traffic, etc. This is especially true as most of the affordable service providers don't provide any real DMZ-type support for the machines you rent.
I suspect that many sysadmins have little experience with dm-crypt and all the key management you'd need with it, so learning and installing that stuff has a cost. And you better test thoroughly, because losing a key could mean losing all your data.
8 comments
[ 2.9 ms ] story [ 35.8 ms ] threadIt would be interesting to separate these rules into universal ones and EC2 ones. I suspect that in many cases, following all these rules would add enough cost to offset any savings of using EC2.
These may all be good practices, but how many of them assume that Amazon itself will get hacked?
For entrepreneur on a budget, isn't #20 the most important one?