I'm currently tasked with exploring options for hosting secure data for our company that don't require setting up any in-house infrastructure as we don't currently have any. Everyone is a developer and every can pretty much be counted as working remotely.
The current idea we're tossing around is to setup a secure AWS instance to host the controlled content with access to that data provided via SFTP and git over SSH to locked down windows environments that live in VMs. Since we don't have AD or any in-house infrastructure we'll manually be setting up administrator accounts and restricted user accounts to work within the VM.
Assuming that the VMs have anti-virus, firewalls, etc., the host OS has anti-virus, and that the AWS instance is properly firewalled and only opened to an alternative port for SSH, what issues can we still expect to come up from audits or vulnerabilities?
I've seen that there can be shared memory attacks to get info from a guest VM but part of the issue is everyone is a developer and "requires" admin access at some level to work on the arbitrary projects we get.
