Security Practices
- Comply with Virginia Tech Minimum Security Standards
- Rebuild often to make patching unnecessary
- Keep configuration separate from source code
- Use secrets management
- Consolidate logs using platform services
- Use encryption wherever it is available
- Use public cloud accounts managed by Virginia Tech
- Require MFA for administrators
- Apply the principle of least privilege to cloud identities
- Adopt a proactive stance towards security incidents