The following sections describe security considerations:

Rackspace shared management services

Rackspace takes the security of our shared management services and the Rackspace Technology Customer Portal extremely seriously and deploy all infrastructure on AWS leveraging the same best practices that we apply to customer accounts. The following sections provide a sample of some of the key security focus areas.

Racker authentication

All Rackspace employees must leverage multifactor authentication for all access to customer account data and customer environments.

Racker privileges

Rackspace tightly controls each Racker’s access privileges for our Fanatical Support for AWS management systems based on job role, reviewing it periodically to ensure that each Racker has the minimum level of permissions required to perform their job duties adequately. We also log all privilege changes that require management approval for later review.

Encryption at rest

All databases leverage the AWS Key Management Service (KMS) for data encryption at rest. We encrypt all EBS volumes with KMS and use KMS and the AWS SDKs for application-level encryption of secrets.

Encryption in transit

We encrypt all communication between services that make up the Fanatical Support for AWS shared management system during transit by using SSL. You can access our customer and Racker UIs and APIs only through HTTPS.

AWS account best practices

As outlined in the AWS Accounts section, we always enable AWS CloudTrail and AWS Config in all regions for each new account. We also have checks within CloudHealth that ensure these remain enabled and configured according to our best practices.

Activity logging

As described in the Rackspace Logbook section, the system logs all control plane and data plane activities and makes them visible to both customers and Rackers through the Rackspace Technology Customer Portal, providing a complete playback of events that occurred on an account.

AWS security

Learn how to meet your security and compliance goals using AWS infrastructure and services. Outlined on Amazon Web Services Best Practice for Security, Identity, & Compliance web page are recommendations and strategies to use when designing cloud architectures with security in mind.

Security and Compliance is a shared responsibility between AWS and the customer. As described in the Shared Responsibility Model, the customer’s responsibility will be determined by the AWS Cloud services that the customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.

Security updates

As Amazon Web Services says on their Security Bulletins web page, “No matter how carefully engineered the services are, from time to time it may be necessary to notify customers of security and privacy events with AWS services.”

If you are interested in staying informed about these Security Bulletins, watch the AWS Security Bulletins web page.