Cloudways please document your security practices
I would like to suggest that Cloudways publishes an article or other document that describes how Cloudways maintains, patches, updates servers and secures them.
The intent is not to disclose details that puts security at risk but instead demonstrates the value Cloudways is providing in the area of helping its customers maintain a secure server and application environment.
Information should include frequency of update / patch deployment, frequency of security scans for malware / unauthorized access, firewall ports and services that are open especially those for inbound traffic from the Internet, intrusion protection mechanisms, transparency reports for government information requests and legal processes, etc..
This kind of information will help Cloudways demonstrate value being provided. And, it would be helpful for devs, webmasters, and agencies too ... especially when evaluating Cloudways or building solutions / offerings on servers managed via the Cloudways service.
It will also be helpful to those who strive to document our own security practices.
I am a Cloudways customer, and right now what Cloudways provides and does in the realm of security is a big "black box" that offers no details or documentation of such to its customers or prospective customers.
Like I said, a suggestion ... which I believe is a good one.
This is indeed a good suggestion. We at Cloudways believe in being transparent to our users in all operational areas. We have added this idea to our Product Improvement Ideas list, and information about security would be available on the Cloudways Platform in the coming days.
Arthur Micheal commented
I have mix feelings about this but overall I have to say it, this is not enough. Somehow you have to provide some more details so that people can understand if not then I don't think its a good idea.
Robin Kroes commented
It offers no detail to customers.
I would also like to know more. Obviously you need to not expose the exact details that might help someone get around the security, but I’d like to know how my servers are kept secure (and if that’s anything other than what the upstream provider gives anyway).
Ron Seigel commented
It's a TERRIBLE suggestion.