4 tips on how to secure your root account

The first thing you get when you jump into any cloud is a root account. It is such a key element that we are dedicating our first post to some policies on how to secure it.

Root Account

The list of what to do with a root account may slightly differ from company to company or among different cloud services providers. However, there is a major rule of thumb, the importance of which you should never underestimate:

"Do not ever use your root account for any daily operation!"

The idea behind this principle can be explained with an analogy from public key infrastructure (PKI) terminology: the best practices for a root certificate authority (Root CA) mirror what you should do with your root account.

So, here are the simple steps you should walk through once you obtain your root account:

1. Strong Password

According to the CIS benchmarks, your password must be at least 14 characters long. In addition, it should be a complex mix of alphanumeric and special characters.

2. Enable MFA

You should enable multi-factor authentication (MFA) not only for your root account but also for every other administrative account. A mobile authenticator app and/or a vault will serve you well.

3. Manage Roles

It is best to create separate groups for admin, billing, and auditing users, and to assign each group only the roles its purpose requires, following the least-privilege principle.

4. Set Alarms

Combining the zero-trust philosophy with the event-driven architecture of the cloud, you can be notified whenever a root login or a critical administrative action occurs.
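As an added example (not code from the original post), here is an offline Python script that turns tip 1 and tip 4 into checks a cloud team can run: a password validator for the CIS rule quoted above (at least 14 characters, mixed alphanumeric and special characters), and the "root account usage" filter that the CIS AWS benchmark recommends wiring to a CloudWatch alarm, applied to CloudTrail-style events. The events, IP addresses, account ID and the CRITICAL_ACTIONS watch-list are constructed for this example; a real deployment would read events from a CloudTrail log group and forward the alerts to SNS or a ticketing system.

```python
"""Root-account hardening checks (added example; not part of the original post)."""
import json
import string

MIN_LENGTH = 14  # CIS benchmark minimum quoted in the post


def password_meets_cis(password: str) -> list:
    """Return the list of failed requirements (empty list means compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


# CloudTrail-style records, constructed for this example (not real account data).
# Account ID and IPs are documentation/test values.
_RAW_EVENTS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "123456789012"}},
    {"eventName": "PutBucketPolicy", "eventType": "AwsServiceEvent",
     "sourceIPAddress": "s3.amazonaws.com",
     "userIdentity": {"type": "Root", "invokedBy": "s3.amazonaws.com"}},
    {"eventName": "CreateUser", "eventType": "AwsApiCall",
     "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventName": "DescribeInstances", "eventType": "AwsApiCall",
     "sourceIPAddress": "203.0.113.30",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]
SAMPLE_EVENTS = [json.dumps(e) for e in _RAW_EVENTS]  # one JSON record per line

# Assumed watch-list of administrative API calls worth an alert; tune per organisation.
CRITICAL_ACTIONS = {
    "CreateUser", "AttachUserPolicy", "DeleteTrail", "StopLogging", "DeactivateMFADevice",
}


def is_root_usage(event: dict) -> bool:
    """CIS 'root account usage' metric-filter logic:
    userIdentity.type == "Root" AND userIdentity.invokedBy absent
    AND eventType != "AwsServiceEvent"
    (service-initiated actions on the root identity are excluded to avoid noise)."""
    ident = event.get("userIdentity", {})
    return (
        ident.get("type") == "Root"
        and "invokedBy" not in ident
        and event.get("eventType") != "AwsServiceEvent"
    )


def find_root_activity(raw_events) -> list:
    """Scan newline-delimited CloudTrail JSON and return (kind, action, actor) alerts."""
    alerts = []
    for line in raw_events:
        ev = json.loads(line)
        if is_root_usage(ev):
            alerts.append(("ROOT_ACTIVITY", ev["eventName"], ev["sourceIPAddress"]))
        elif ev.get("eventName") in CRITICAL_ACTIONS:
            actor = ev.get("userIdentity", {}).get("userName", "unknown")
            alerts.append(("CRITICAL_ACTION", ev["eventName"], actor))
    return alerts


if __name__ == "__main__":
    print("password failures:", password_meets_cis("Short1!"))
    for alert in find_root_activity(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

Running the script reports the too-short password and two alerts: the interactive root console login and alice's CreateUser call, while the service-originated root event and bob's read-only call stay quiet.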