Secure Cloud App
Build and host a cloud system with highly sensitive data for a start-up. Full blog is here.
Introduction
The objective was to deliver a service-oriented architecture for an online system to store and search through highly sensitive data using a budget-effective approach. Captivated by the benefits of cloud computing, we decided to take the plunge into the new world.
Objectives: high security of the data at all times, the ability to move between cloud providers and around the world, and minimal downtime due to outage, disaster or even a court shutdown order.
Challenges and Decisions
Technology selection: Microsoft stack, primarily due to higher productivity using well-supported software/tools and the amount of information available from the community.
Cloud provider selection: Azure, Amazon, Rackspace, etc. Decided to try a few of the above, with the objective of being able to move between cloud providers and shared hosting providers with no source code changes.
Multi-level security: username/password for authentication, an end-user identity token carried through all layers of the application, data-in-transit encryption, data-at-rest encryption, and backup encryption.
Security Architecture
Front-End: User authentication at first used VeriSign OpenID, and later switched to username/password with the password hashed and stored in SQL Server, because users did not like the intermediate step during sign-in. All traffic is over HTTPS.
Service Layer: A time-limited end-user token is issued upon authentication and is used to validate user identity and permission on each service operation request. All traffic is over HTTPS.
Back-End: An application account with permission to execute only a few stored procedures that validate user credentials and the user token. A secondary application account with full access uses a password with a 15-minute time-to-live, encrypted separately for each user token. All connections are encrypted using SSL. Data at rest is protected by SQL Server TDE, and the ISP administrative account(s) are disabled.
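The service-layer check described above (a signed, expiring per-user token carrying the permissions that every service operation re-validates) can be illustrated with the following added example. It is not code from the original project; the signing secret, the 15-minute TTL constant, the payload field names and the permission strings are assumptions chosen for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed server-side signing secret for the service layer (placeholder value).
SERVICE_SECRET = b"example-service-secret-replace-in-deployment"
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; mirrors the page's 15-minute window


def issue_token(user_id, permissions, now=None):
    """Issue a signed, expiring identity token after a successful login."""
    now = time.time() if now is None else now
    payload = {"sub": user_id, "perms": sorted(permissions),
               "exp": int(now) + TOKEN_TTL_SECONDS}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, separators=(",", ":")).encode()).decode()
    sig = hmac.new(SERVICE_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def validate_token(token, required_perm, now=None):
    """Return the payload if the signature is valid, the token is unexpired
    and it carries the permission this service operation needs; else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SERVICE_SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected, sig):
        return None  # tampered or forged
    try:
        payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, UnicodeDecodeError):
        return None
    if payload.get("exp", 0) <= now:
        return None  # expired: the client must authenticate again
    if required_perm not in payload.get("perms", []):
        return None  # identity is fine, but this operation is not permitted
    return payload
```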
Hosting Architecture
Front-End: Windows Azure Web Role with two instances for load-balancing and fault-tolerance purposes. Since no credentials are stored here, the web application can be deployed anywhere, including shared hosting.
Service Layer: Two Amazon EC2 Windows Server 2008 R2 instances with load balancing enabled. Encrypted credentials for the limited-access database account only, so it is not the end of the world even if hacked.
Back-End: A few options were tried: virtual on Amazon EC2 Windows Server R2 (robust but not cheap), virtual on a Go-Daddy VPS (cheap but slow), and an iHost physical server for the best combination of cost and performance. The hosting company must have no login credentials to the box.
Backup: A few providers were tried and rejected due to lousy security practices, such as a confirmation email that contained the password. One that supported in-transit and at-rest data encryption was selected; additionally, the SQL backup file was also encrypted by TDE itself, so there is no unencrypted data anywhere.