Aviva Zacks of Safety Detective recently sat down with Khash Sajadi, CEO of Cloud 66, and asked him about how his company offers PaaS functionality to its customers.
Safety Detectives: What has your journey to your current job been?
Khash Sajadi: I started programming when I was 12 and continued until my graduation from the university. After graduation, I worked at a few software companies and IT divisions of large companies before starting my first business, which failed very quickly. For the next 10 years, I worked for bigger companies to save some money so I can start my next business. In 2012, I started working on what is now Cloud 66 and the rest, as they say, is history!
SD: Tell me about your company’s services.
KS: Cloud 66 is a DevOps as a Service company. Our products help software teams to build their infrastructure and deploy their applications code, directly from the repository to your own servers on any cloud, without the need for DevOps engineers.
You can use Cloud 66 like your in-house DevOps team to deploy your Rails, Node, and other applications as well as static (JAMStack) sites to any cloud provider. We do this via our product and not consultancy services that are constantly improving and serving thousands of developers around the world.
SD: What makes your company unique?
KS: Over the course of nearly 10 years here at Cloud 66, we have been constant in offering PaaS functionality on any cloud to developers. That allows them full control, flexibility, and cost-saving without worrying about being vender locked.
We’ve seen a lot of technologies come and go. From containerization and its related technologies to various open-source projects that are no longer around. We’ve also seen the power of building tools that empower developers to take control of their infrastructure without having to jump through the hoops laid out by operations teams. We believe regardless of technology, making the cloud accessible and usable to developers is the key to opening new possibilities and unleashing further innovation in our industry and we cheer for any tool, project, or company that’s working toward this aim.
SD: How does your company handle its customers’ security?
KS: Our customers’ security is our highest priority. Our products act as a DevOps team and we take great care to make sure our customers’ infrastructure is secure from malicious attacks and human error. While Cloud 66 products provide a lot of information, guidance, and security improvements out of the box, preventing human error and malicious acts needs everyone to work together.
To help our customers with their online and offline infrastructure security, we introduced a number of activities at Cloud 66 to improve things greatly:
- Don’t share your account details – to avoid password sharing and losing access when members leave your team, you can use a Service Account for your API and command-line access. Running this kind of shared access through a headless, standalone account allows for better control and security.
- We offer free unlimited access to all team members, with fine-grained Access Control Lists through Roles and Permissions.
- Set up user permissions for your team, including access to deploying applications to certain cloud accounts or requiring at least 2 people to sign off on deployment, as well as many more fine-grained permissions.
- We released a server delete protection feature. It stops your actual servers on your cloud provider to be deleted when someone deletes a stack or application by mistake.
- Every action taken in your Cloud 66 account is logged alongside time and IP address in our Audit Logs feature. Checking those actions regularly can help you define patterns of behavior that you can spot if things “just don’t look right.”
- We recommend using password managers like 1Password or LastPass to ensure a strong password.
- All Cloud 66 accounts support 2FA (two-factor authentication) like Google Authenticator, FIDO security keys like Yubikey, and SMS messages. When performing potentially dangerous operations, the system will ask you for your second-factor authentication to enter a “sudo mode.”
- Personal Token Restrictions, while Personal API Tokens can be a convenient way to test your API clients, they can also be a security weak point. These can be disabled across your account for all team members with access to your API endpoints.
- Customers can apply toolbelt login restrictions. They can use the Cloud 66 Toolbelt (CX) to sign in to your account with ease (use
cx login). While this feature makes logging in very quick and easy, it can be disabled across all of your accounts if you run the Toolbelt in an environment you don’t fully trust. - We employ sophisticated methods to protect your accounts from a malicious takeover, ranging from TOR endpoint access to login attempts from geographically removed parts of the world within a short period of time and a lot more. Customers can set up a filter in their email client to bring our security warning emails up to the top.
SD: How is the pandemic affecting your industry?
KS: The pandemic turned everyone upside down. It has been a challenging year for everyone; most suffered emotionally and financially, but it’s natural for humans to look for positive change and from a dev point of view, we will start fresh, from the bottom, where the only way is up!