Cloud Application Architectures
George Reese
Security implications of the cloud are
- Lawsuits that do not involve you become a security concern
- Many of the laws and standards that govern your IT infrastructure were created without virtualization in mind
- The idea of perimeter security is largely nonsensical in the cloud
- How you manage user credentials goes beyond standard identity management
Encrypt Everything
- Encrypt sensitive data in your database and in memory
- Decrypt it only in memory for the duration of the need for the data
- Encrypt your backups
- Encrypt your network traffic
- Encrypt your filesystems
Regulatory and Standards Compliance
how, where, what
- Directive 95/46/EC
- HIPAA
- PCI or PCI DSS
- SOX
- 21CFR11
A few best practices include
- Run only one network service (plus necessary administrative services) on each virtual server
- Do not open up direct access to your most sensitive data
- Open only the ports absolutely necessary to support a server's service and nothing more
- Limit access to your services to clients who need to access them
- Even if you are not doing load balancing, use a reverse proxy
- Use the dynamic nature of the cloud to automate your security embarrassments
Cloud Vendors provide
- Network Intrusion Detection
- System Hardening
- Antivirus Protection
- Host Intrusion Detection
- Data Segmentation
- Credential Management
Chapter 6
Disaster Recovery
Recovery Point Objective
provide