Cloud Application Architectures

George Reese

Chapter 5



Security implications of the cloud


  • Lawsuits that do not involve you become a security concern
  • Many of the laws and standards that govern your IT infrastructure were created without virtualization in mind
  • The idea of perimeter security is largely nonsensical in the cloud
  • How you manage user credentials goes beyond standard identity management

Data Security

Encrypt Everything

  • Encrypt sensitive data in your databse and in memory
  • Decrypt it only in memory for the duration of the need for the data
  • Encrypt your backups
  • Encrypt your network traffic
  • Encrypt your filesystems

Regulatory and Standards Compliance

how, where, what

Directive 95/46/EC HIPAA PCI or PCI DSS SOX 21CFR11

Network Security

A few best practices


  • Run only one network service (plus necessary administrative services) on each virtual server
  • Do not open up direct access to your most sensitive data
  • Open only the ports absolutely necessary to support a server's service and nothing more
  • Limit access to your services to clients who need to access them
  • Even if you are not doing load balancing, use a reverse proxy
  • Use the dynamic nature of the cloud to automate your security embarrassments

Host Security

Cloud Vendors


  • Network Intrusion Detection
  • System Hardening
  • Antivirus Protection
  • Host Intrusion Detection
  • Data Segmentation
  • Credential Management

Chapter 6

Disaster Recovery

Recovery Point Objective


Thank you