In this fantastic post Coinbase outlines how it builds secure infrastructure in The Cloud. They share some of what they have learned, creating a useful starting point for how firms should build paranoid and productive infrastructure in the cloud.
Three and a half years ago, Coinbase launched using a simple hosting platform: Heroku. It was the right solution at the time. With just two technical founders building the product (neither with any serious dev-ops experience) we knew that Heroku would be more battle tested than any solution we could hack together on our own. But we also knew this wouldn’t work forever. Early in our company’s history, we started to contemplate the next version of our infrastructure that would run inside AWS. It had to be built from the ground up with security in mind (the most common ways that bitcoin companies die is due to theft and hacking) but we didn’t want to compromise on engineering happiness and productivity.