
How to enable security for modern infrastructure

Updated: Jan 16, 2024



Security issues are most often thought of only as data being compromised or stolen. Although that is the ultimate goal of hackers, attacks like DDoS are capable of bringing the entire business down for days without even entering your premises.

"A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic." - Cloudflare

Don’t let your potential best-selling product suffer due to a vulnerable infrastructure.


Imagine you are constructing your house. What’s the first thing you do?

You hire an architect and start designing the rooms based on your needs and, interestingly, also based on privacy. For instance:

  • The living room is accessible to any visitor.

  • The bedroom is restricted to owners, friends & family.

  • The kitchen is visible to your guests but operated/managed by you, and so on.


Designing modern infrastructure for software is similar. You must identify the privacy layers in the network and who needs access to what. A robust infrastructure needs to have secure and seamless connectivity across all systems and services through:


Segregated Networks:

  • To secure connectivity, the network must be segregated or subnetted with respect to incoming and outgoing access, using firewall policies to secure the perimeter.

  • Don't allow any to any.

  • Avoid putting everything under a single subnet.

  • Configurations are logically segregated (e.g. per solution or client)

  • Configurations are tiered/subnetted and firewall rules adapted per tier/subnet

  • If necessary, segregate virtual machines and appliances to dedicated hardware

  • Production and non-production are separated


Going back to my house construction example: once the master layout is done, we start by building a boundary wall to secure the premises from trespassers and then add a main gate for authorised entries.

Likewise, software infrastructure needs to secure access for authorised traffic with


Perimeter Security:

  • Network Policies based on whitelisting

  • Deny All by default

  • Ports or Protocol level filters

  • Do not allow any to any

  • System to System access policy with firewall rules or network policies.

  • Some cloud providers add external IP sources to the network policies or security groups of the services they manage, for monitoring, management or security scanning. Examples are cloud-managed database services, managed Kubernetes services and various monitoring & scanning services. Make sure you validate the whitelisted sources as trusted ones, and confirm these sources with your cloud provider.


Single Secure Entrypoint:

  • Make sure the device where requests land first is secure. You can use CDNs like Cloudflare or Akamai as cloud security gateways; they keep your app endpoint flexible to point to wherever your backend is hosted, which helps in migrations.

  • These services also provide DNS-based backend mapping and Web Application Firewall (WAF) features that implement OWASP policies

  • DDoS Protection

  • Single Trusted Point Endpoint exposure

  • IP Segregation

  • One-stop certificate management: SSL certificate generation, renewal and offloading, and mutual TLS to establish a zero trust policy with any third-party application endpoint.


Dedicated Interconnected Links:

For seamless connectivity, dedicated private links should be used for peer-to-peer connectivity and data transmission. If you are running your services in a hybrid cloud model, or if you are in a DC and DR setup, you need to have direct links between your clouds or sites. If you don't, then you cannot assure:

  • Privacy of data in transit between the sites to avoid man-in-the-middle attacks. Be the owner of your entry points.

  • Fault tolerance. Always opt for dual ISP links so that if one path fails there is another available.

  • Multi-site data replication for DR. For data replication you need to have a latency of less than a millisecond. Remember, a VPN over the internet can give you secure connectivity but not the latency.

These configurations will enable secure and seamless connectivity between your intranet and internet.

Coming back to my house construction example, at this stage you have secured the building that will host your software. However, there is still a risk of your internal systems and data being compromised through vulnerabilities in technologies and configurations.

That is why you need to ensure the following security policies for internal systems:


System Security:

  • Regular validation of system hardening, patching and upgrades through configuration management systems.

  • Applications must not be directly exposed to the internet, instead create a Single Secure Entrypoint as described above.

  • Follow a zero trust policy for connecting third party services.


Data Security:

  • Protect and secure the database system and platform by encrypting data at rest and data in transit. Data systems must be placed in a private network segment with whitelisted incoming access and no outgoing internet access.

  • There must be regular upgrades for security patches and vulnerabilities.


Identity and Access Management:

  • Create Role Based Access Control policies for accessing applications, cloud accounts, API endpoints and management systems.

  • A strong password policy with multi-factor authentication & periodic rotation is essential to mitigate security threats.

  • Likewise, a strong secret management system for cross-service communication with passwordless authentication will strengthen the security of the software.


Logging, Auditing, Monitoring & Reporting:

  • Server, appliance and system logs, API and console logs, and database logs must be aggregated and stored in a centralised location for faster and more efficient debugging.

  • Alerts and notification must be configured for critical events such as failed or successful logins, config changes like network policies, user addition, file/folder changes etc.

  • Immediate and proactive action must be taken to prevent any security issue.


"Security policies should be enforced in the code as a first-class member of Infrastructure creation making it a default feature in every stage of the application lifecycle."

The configurations must be expressed as Infra as Code and version controlled to ensure every configuration change is auditable and traceable, so that each time an environment is spun up for applications or IT operations, these principles come by default, making compliance-related activities easy.
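The "deny all by default", "do not allow any to any", trusted-source and data-tier rules from the Perimeter Security and Data Security lists can be checked in code against version-controlled rules, for example in CI. The following is an added example, not code from the original post or from any cloud provider's tooling; the rule format, tier names and address ranges are constructed assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample policy in a hypothetical format (not any provider's schema).
TRUSTED = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "203.0.113.0/24")]
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
RULES = [
    {"name": "web-in", "tier": "web", "dir": "in", "action": "allow", "cidr": "203.0.113.0/24", "ports": "443"},
    {"name": "legacy", "tier": "app", "dir": "in", "action": "allow", "cidr": "0.0.0.0/0", "ports": "any"},
    {"name": "scanner", "tier": "db", "dir": "in", "action": "allow", "cidr": "198.51.100.7/32", "ports": "5432"},
    {"name": "db-egress", "tier": "db", "dir": "out", "action": "allow", "cidr": "0.0.0.0/0", "ports": "443"},
    {"name": "default", "tier": "web", "dir": "in", "action": "deny", "cidr": "0.0.0.0/0", "ports": "any"},
]

def audit(rules, trusted, internal, private_tiers=("db",)):
    """Return sorted (rule_or_tier, finding) pairs for the checks listed in the post."""
    findings, default_deny = [], set()
    for r in rules:
        net = ipaddress.ip_network(r["cidr"])
        wide_open = net == ANY and r["ports"] == "any"
        if r["action"] == "deny":
            if wide_open:  # a catch-all deny is the tier's default-deny rule
                default_deny.add((r["tier"], r["dir"]))
            continue
        if wide_open:
            findings.append((r["name"], "any-to-any allow"))
        elif r["dir"] == "in" and not any(net.subnet_of(t) for t in trusted):
            # e.g. a provider-added monitoring source nobody has validated yet
            findings.append((r["name"], "source not in trusted list"))
        if (r["dir"] == "out" and r["tier"] in private_tiers
                and not any(net.subnet_of(i) for i in internal)):
            findings.append((r["name"], "data tier has internet egress"))
    for tier in sorted({r["tier"] for r in rules}):
        if (tier, "in") not in default_deny:
            findings.append((tier, "no inbound default deny"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(RULES, TRUSTED, INTERNAL):
        print(f"{name}: {finding}")
```

Failing the pipeline when `audit` returns any finding keeps a risky rule from reaching an environment, and the commit history records who changed the policy and when.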


Security settings should no longer be mysterious or feared. Thanks to automation, the impact of configuration changes can be ascertained quickly. This approach also permits portability across cloud providers, as well as tenant-specific customisation and review.


Finally, I would like to conclude by mentioning these 5 Key Trust Principles that define the benchmark for most compliance and regulatory needs:

  • Security: The system is protected, both logically and physically, against unauthorised access.

  • Availability: The system is available for operation and use as committed or agreed to.

  • Processing Integrity: The completeness, accuracy, validity, timeliness, and authorisation of system processing.

  • Confidentiality: The system’s ability to protect the information designated as confidential, as committed or agreed.

  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the privacy notice.

Your objective must be to design and implement a security policy for your cloud infrastructure based on industry-accepted norms, to get it ready for a third-party information security audit.

Hope you find this blog useful.



Thanks

Kamalika Majumder

Director, Staxa LLP
