System monitoring and logging
Our Ops Security teams use a set of monitoring alert criteria to define the critical security and availability standards for our services' production environments. Ops Security personnel use third-party monitoring tools to closely monitor any spikes in activity above predefined thresholds. We also deploy Intrusion Detection System (IDS) sensors at critical points in the network to detect and alert our security team to unauthorized attempts to access the network. Alerts are triggered for anomalies, and Ops Security uses established procedures to address them and any potential security threats they may represent.
We use access control measures so that the fewest operators have access to restricted data. Role-based access is defined and deployed to restrict privileged access to information resources based on the concept of least privilege. Authorization requires approval by the management directly responsible for the confidentiality, integrity, and availability of impacted resources.
As much as possible, we automate processes and procedures to help create efficiencies, maintain consistency and repeatability, and reduce human error. We use automation in areas including configuration and patch management, creation and hardening of baseline images, and system monitoring.
We enforce a comprehensive change management process to help ensure that changes to the network or production environment are documented, tracked, tested, authorized, and approved prior to migration to production. We monitor the states of the hardware, operating system, and configurations, and we log and execute changes in a controlled way. We also evaluate and check logs for potential misconfigurations.