Security
The following sections describe security considerations:
Rackspace shared management services
Rackspace takes the security of our shared management services and the Rackspace Technology Customer Portal extremely seriously and deploy all infrastructure on AWS leveraging the same best practices that we apply to customer accounts. The following sections provide a sample of some of the key security focus areas.
Racker authentication
All Rackspace employees must leverage multifactor authentication for all access to customer account data and customer environments.
Racker privileges
Rackspace tightly controls each Racker’s access privileges for our Fanatical Support for AWS management systems based on job role, reviewing it periodically to ensure that each Racker has the minimum level of permissions required to perform their job duties adequately. We also log all privilege changes that require management approval for later review.
Encryption at rest
All databases leverage the AWS Key Management Service (KMS) for data encryption at rest. We encrypt all EBS volumes with KMS and use KMS and the AWS SDKs for application-level encryption of secrets.
Encryption in transit
We encrypt all communication between services that make up the Fanatical Support for AWS shared management system during transit by using SSL. You can access our customer and Racker UIs and APIs only through HTTPS.
AWS account best practices
As outlined in the AWS Accounts section, we always enable AWS CloudTrail and AWS Config in all regions for each new account. We also have checks within CloudHealth that ensure these remain enabled and configured according to our best practices.
Activity logging
As described in the Rackspace Logbook section, the system logs all control plane and data plane activities and makes them visible to both customers and Rackers through the Rackspace Technology Customer Portal, providing a complete playback of events that occurred on an account.
AWS security
Learn how to meet your security and compliance goals using AWS infrastructure and services. Outlined on Amazon Web Services Best Practice for Security, Identity, & Compliance web page are recommendations and strategies to use when designing cloud architectures with security in mind.
Security and Compliance is a shared responsibility between AWS and the customer. As described in the Shared Responsibility Model, the customer’s responsibility will be determined by the AWS Cloud services that the customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.
Security updates
As Amazon Web Services says on their Security Bulletins web page, “No matter how carefully engineered the services are, from time to time it may be necessary to notify customers of security and privacy events with AWS services.”
If you are interested in staying informed about these Security Bulletins, watch the AWS Security Bulletins web page.
Updated 10 months ago