Security in Operations
By employing the right level of processes and procedures in tandem with our overall security strategy, we provide a robust framework for continuous risk management and help the security of our operations. Our processes and controls are also designed to support many compliance frameworks and follow industry-standard operations practices.
 
SEE ALSO:
Security in engineering
We've created clear, repeatable processes to help ensure that our development teams build security into all ourproducts and services.
Security and our community
We work with industry partners to share knowledge and help maintain best security practices.

System monitoring and logging

Our Ops Security teams use a set of monitoring alert criteria to define the critical security and availability standards for our services' production environments. Ops Security personnel use third-party monitoring tools to closely monitor any spikes in activity above predened thresholds. We also deploy Intrusion Detection System (IDS) sensors at critical points in the network to detect and alert our security team to unauthorized attempts to access the network. Alerts are triggered for anomalies, and Ops Security uses established procedures to address them and any potential security threats they may represent.
 

Access control

We use access control measures so that the fewest number of operators have access to restricted data. Role-based access is defined and deployed to restrict privileged access to information resources based on the concept of least privilege. Authorization requires approval by the management directly responsible for the condentiality, integrity, and availability of impacted resources.
 

Automation

As much as possible, we automate processes and procedures to help create efficiencies, maintain consistency and repeatability, and reduce human error. We use automation in areas including configuration and patch management, creation and hardening of baseline images, and system monitoring.
 

Change management

We enforce a comprehensive, change management process to help ensure that changes to the network or production environment are documented,
tracked, tested, authorized, and approved prior to migration to production. We monitor the states of the hardware, operating system, and configurations, and we log and execute changes in a controlled way. We also evaluate and check logs for potential misconfigurations.