This doesn’t mean that once you put a server on the cloud there is nothing to worry about. It does mean that you have to take exactly the same precautions you would take if you made one of the systems inside your internal network reachable from anywhere on the internet.
What would you do to secure a system on the internet or in the cloud?
1. First and foremost, you would isolate the system you are putting on the internet so that, if it does get compromised, it doesn’t affect the other systems in your local network.
2. You would apply firewall rules to open up only the particular secure ports that users need to communicate with the system for its intended purpose.
3. If the applications you use do not communicate securely (SSL or other encrypted communication technologies), you close up the firewall and put in a secure SSL-based VPN (Virtual Private Network), so that the applications continue to communicate as they already do, but through a secure SSL tunnel created by the VPN.
4. Restrict which IP addresses across the internet can communicate with the exposed system. This means applying more rules based on specific IP addresses, so that only the few hosts with a specific IP address (or range of IP addresses) on the public internet are able to communicate with your system.
5. If the particular IP addresses or IP address ranges are unknown, you can restrict access based on user accounts. For this you would set up user accounts for specific purposes, with roles such as Administrator, Power User, Simple User, Read-Only User, etc. You would also create very secure passwords for users (Hint: highly secure passwords start at a minimum of 12 to 14 characters, courtesy: http://en.wikipedia.org/wiki/Password_strength). It is also recommended to base passwords on catchy phrases such as “I want to buy 6 Chocolate Candies for my daughter”, which gives a password like ‘Iwtb6CCfmd’.
6. Make sure you monitor and log user and IP address accesses so that you can trace any unusual activity.
7. If you are fed up with passwords, it is better to use SSH keys to control access to the system, or to use multi-factor authentication, which requires a randomly generated password, sent to the user over another communication mechanism such as paging or SMS, to be entered to gain access to the system.
If you miss any of the above while setting up the server, you are still compromising the system. Fortunately, security management in the cloud is opt-in: cloud servers start out closed, and you have to open up only the necessary items. It is all secure.
For example, AWS (Amazon Web Services) EC2 (Elastic Compute Cloud) servers are managed by default by their own default security group, which closes all access, even between the systems in their own network. So whatever happens to your cloud system is entirely up to how you configure the security group. AWS also provides a secure virtualization implementation in which the guest operating systems on the same host cannot and will not know about each other, and won’t be able to communicate unless specifically configured via the security group.
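The firewall rules from steps 2 and 4, checked against a security group of the kind described above (an added example, not code from the original article): this sketch audits ingress rules in the JSON shape returned by `aws ec2 describe-security-groups`, looking at CIDR sources only. The public port set, the trusted range, the function name and the sample group are constructed assumptions.

```python
import ipaddress

# Assumptions for this sketch (not from the article): 443 is the only port meant
# for everyone, and 203.0.113.0/24 stands in for the known client range.
PUBLIC_TCP_PORTS = {443}
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def audit_ingress(group):
    """Return (protocol, from_port, to_port, cidr, reason) per risky ingress rule."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means every protocol and every port
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            net = ipaddress.ip_network(cidr, strict=False)
            if any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS):
                continue  # step 4: source is inside an allow-listed range
            if proto == "tcp" and all(p in PUBLIC_TCP_PORTS for p in range(lo, hi + 1)):
                continue  # step 2: port is one the server is meant to offer
            reason = "open to the whole internet" if net.prefixlen == 0 else "source not allow-listed"
            findings.append((proto, lo, hi, cidr, reason))
    return findings

# Constructed sample security group; the GroupId is a placeholder.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.16/28"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUP):
        print(finding)
```

Rules that reference another security group as their source are not examined here and need a separate review.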
The cloud has enabled companies that could not even dream of a secure server in a co-lo or a data center to realize that dream without the up-front costs involved, and with the ability to turn everything off or scale the implementation to dizzying levels as needed.