4 tips on how to secure your root account
The first thing you get when you jump into any cloud is a root account. This is such a key element that we are publishing our first post to highlight some policies on how to secure it.

The list of what to do with a root account may differ slightly from company to company or among different cloud service providers. However, there is a major rule of thumb, the importance of which you should never underestimate:
The idea behind this principle can be explained by drawing an analogy with public key infrastructure (PKI) terminology. Best practices for a root certificate authority (Root CA) might reflect what you have to do with your root account.
So, here are the simple steps you should walk through once you obtain your root account:
1. Strong Password
According to CIS benchmarks, your password has to be at least 14 characters long. In addition, it should include a complex combination of alphanumeric and special characters.
2. Enable MFA
You should enable multi-factor authentication not only for your root account, but also for other administrative accounts. A mobile app and/or a vault would make your day.
3. Manage Roles
It is better to create groups for admin, billing, and auditing users. For the purposes of each group, you can then manage the roles to be assigned according to the “least privilege” principle.
4. Set Alarms
By combining the zero trust philosophy with the event-driven architecture of the cloud, you can get notified whenever a root login or a critical administrative action is performed.
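
One way to implement the alert from tip 4 together with the MFA check from tip 2, as an added example that is not part of the original post. It assumes audit records in the AWS CloudTrail JSON shape (the post names no provider); the sample events, the `_ev` helper and the finding names are constructed for illustration.

```python
# Constructed sample audit records in the shape of AWS CloudTrail events
# (assumption: the post names no provider; CloudTrail is one concrete format).
def _ev(time, name, ident, etype="AwsApiCall", ip="192.0.2.10", login=None, mfa=None):
    ev = {"eventTime": time, "eventName": name, "eventType": etype,
          "sourceIPAddress": ip, "userIdentity": ident}
    if login:  # console sign-in events carry the outcome and the MFA flag
        ev["responseElements"] = {"ConsoleLogin": login}
        ev["additionalEventData"] = {"MFAUsed": mfa}
    return ev

SIGNIN = "AwsConsoleSignIn"
SAMPLE_EVENTS = [
    _ev("2024-01-01T08:00:00Z", "ConsoleLogin", {"type": "IAMUser"}, SIGNIN, login="Success", mfa="Yes"),
    _ev("2024-01-01T09:00:00Z", "ConsoleLogin", {"type": "Root"}, SIGNIN, login="Success", mfa="Yes"),
    _ev("2024-01-01T09:30:00Z", "ConsoleLogin", {"type": "Root"}, SIGNIN, ip="203.0.113.7", login="Success", mfa="No"),
    _ev("2024-01-01T09:45:00Z", "ConsoleLogin", {"type": "Root"}, SIGNIN, ip="203.0.113.7", login="Failure", mfa="No"),
    # A service acting on the account's behalf: not a human using root.
    _ev("2024-01-01T10:00:00Z", "Decrypt", {"type": "Root", "invokedBy": "service.example"}, "AwsServiceEvent"),
    _ev("2024-01-01T10:05:00Z", "CreateAccessKey", {"type": "Root"}),
]

def is_root_activity(event):
    """True when a person (not a service) acted with root credentials."""
    ident = event.get("userIdentity") or {}
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")

def classify(event):
    """Return a finding name for root activity, or None for everything else."""
    if not is_root_activity(event):
        return None
    if event.get("eventName") != "ConsoleLogin":
        return "root-api-call"          # any administrative action as root
    outcome = (event.get("responseElements") or {}).get("ConsoleLogin")
    if outcome != "Success":
        return "root-login-failed"      # possible password guessing
    mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
    return "root-login" if mfa == "Yes" else "root-login-no-mfa"

def root_alerts(events):
    """List (time, finding, source IP) for every event that should notify someone."""
    return [(e["eventTime"], classify(e), e.get("sourceIPAddress"))
            for e in events if classify(e)]

if __name__ == "__main__":
    for alert in root_alerts(SAMPLE_EVENTS):
        print(*alert)
```

In a deployment, `root_alerts` would run in whatever function the audit-log stream triggers, and each finding would be forwarded to the notification channel.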