Design considerations for hybrid applications - Security
This article was authored by AzureCAT Marc van Eijk. It was edited by Bruce Hamilton and reviewed by Damir Bersinic, Gavin Kemp, Daniel Neumann, and Emmanuel Sache.
Table of Contents:
- Overview
- Placement
- Scalability
- Availability
- Resiliency
- Manageability
- Security- This article
- Summary & Learn more
Security
Security is one of the primary considerations for any cloud application, and it becomes even more critical for hybrid cloud applications.
For the core discussion of this pillar, see Security in Pillars of software quality.
Security checklist
Assume breach. If one part of the application is compromised, ensure there are solutions in place to minimize the spread of the breach, not only within the same location but also across locations.
Monitor allowed network access. Determine the network access policies for the application, such as only accessing the application from a specific subnet and only allow the minimum ports and protocols between the components required for the application to function properly.
Employ robust authentication. A robust authentication scheme is critical for the security of your application. Consider using a federated identity provider that provides single sign-on capabilities and employs one or more of the following schemes: username and password sign-on, public and private keys, two-factor or multi-factor authentication, and trusted security groups. Determine the appropriate resources to store sensitive data and other secrets for application authentication in addition to certificate types and their requirements.
Use encryption. Protecting data at Rest, in Use, and in Motion each have their own challenges. How valuable is the data you need to protect? Identify whether File, Trusted Platform Module (TPM), Database, Network, Key Vault, or Hardware Security Modules (HSM) will meet your organization’s unique needs.
Use secure channels. A secure channel across the clouds is critical for providing security and authentication checks, real-time protection, quarantine, and other services across clouds.
Define and use roles. Implement roles for resource configurations and single-identity access across clouds. Determine the role-based access control (RBAC) requirements for the application and its platform resources.
Audit your system. System monitoring can log and aggregate data from both the application components and the related cloud platform operations.
Next Article: Summary & Learn more
Comments
- Anonymous
November 06, 2018
UPDATE: We added more detail to the "Use encryption" description.