
Secure Cloud App



  1. Secure Cloud App
     Build and host a cloud system with highly sensitive data for a start-up. Full blog is here.
  2. Solution Overview
  3. Introduction
     The objective was to deliver a service-oriented architecture for an online system to store and search through highly sensitive data using a budget-effective approach. Captivated by the benefits of cloud computing, we decided to take the plunge into the new world.
     Objectives: high security of the data at all times, the ability to move between cloud providers and around the world, and minimal downtime due to outage, disaster or even a court shutdown order.
  4. Challenges and Decisions
     Technology selection: Microsoft stack, primarily due to higher productivity using well-supported software/tools and the amount of information available from the community.
     Cloud provider selection: Azure, Amazon, Rackspace, etc. We decided to try a few of the above, with the objective of being able to move between cloud providers and shared hosting providers with no source code changes.
     Multi-level security: username/password for authentication, an end-user identity token carried through all layers of the application, data-in-transit encryption, data-at-rest encryption, and backup encryption.
  5. Software Architecture
     Front-end: HTML 5 and JavaScript over HTTPS, with emphasis on streamlined and lean user interfaces with fast response whether on a desktop, an internet tablet or a smartphone.
     Web server: IIS 7.5, the latest available at the time of development. Coding: C# MVC3 with Razor syntax, the latest flavour for web application development.
     Service layer: WCF over HTTPS on IIS 7.5. Entity Framework with C# POCO objects for WCF serialization in an N-tier environment. Connection to the DB is TCP/IP over SSL.
     Back-end: SQL Server 2008 R2 Enterprise Edition with Transparent Data Encryption for data protection at rest.
  6. Security Architecture
     Front-end: user authentication at first used VeriSign OpenID, and later switched to username/password with the password hashed and stored in SQL Server, because users did not like the intermediate step during sign-in. All traffic is over HTTPS.
     Service layer: an end-user time-sensitive token is issued upon authentication and is used to validate user identity and permission on each service operation request. All traffic is over HTTPS.
     Back-end: an application account with permission to execute a few stored procedures that validate user credentials and the user token. A secondary application account with full access uses a password with a 15-minute time-to-live, encrypted for each user token. All connections are encrypted using SSL. Data at rest is protected by SQL Server TDE; ISP administrative account(s) are disabled.
  7. Hosting Architecture
     Front-end: Windows Azure Web Role with two instances for load balancing and fault tolerance. Since no credentials are stored here, the web application can be deployed anywhere, including shared hosting.
     Service layer: Amazon EC2, Windows Server 2008 R2, two instances with load balancing enabled. Encrypted credentials only for the limited-access database account, so it is not the end of the world even if hacked.
     Back-end: a few options were tried: virtual on Amazon EC2 Windows Server R2 (robust but not cheap), virtual on Go-Daddy VPS (cheap but slow), and an iHost physical server for the best combination of cost and performance. The hosting company must have no login credentials to the box.
     Backup: a few providers were tried and rejected due to lousy security practices (a confirmation email sent by one of them contained the password). One that supported in-transit and at-rest data encryption was selected; additionally, the SQL backup file was itself encrypted by TDE, so there is no unencrypted data anywhere.
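The slides describe a time-sensitive user token issued at sign-in and checked on every service operation. The following is an added example of how such a token can be issued and validated, not code from the deck or its author: it assumes a server-side HMAC key shared by the service instances, a token TTL chosen by the caller, and a user id that contains no `|` character; the names `UserToken`, `Issue` and `Validate` are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Token layout: base64(userId|issuedUtcTicks|ttlSeconds) + "." + base64(HMAC-SHA256 over that payload).
// The payload is authenticated, not encrypted: it carries no secret, only identity and expiry.
public static class UserToken
{
    public static string Issue(byte[] serverKey, string userId, TimeSpan ttl)
    {
        if (userId.Contains('|')) throw new ArgumentException("user id must not contain '|'");
        string payload = $"{userId}|{DateTime.UtcNow.Ticks}|{(long)ttl.TotalSeconds}";
        byte[] payloadBytes = Encoding.UTF8.GetBytes(payload);
        using var hmac = new HMACSHA256(serverKey);
        byte[] mac = hmac.ComputeHash(payloadBytes);
        return Convert.ToBase64String(payloadBytes) + "." + Convert.ToBase64String(mac);
    }

    // Returns the user id when the token is authentic and unexpired, otherwise null.
    // The MAC is checked before the payload is parsed, so untrusted fields are never interpreted.
    public static string Validate(byte[] serverKey, string token)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return null;
        byte[] payloadBytes, presentedMac;
        try
        {
            payloadBytes = Convert.FromBase64String(parts[0]);
            presentedMac = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return null; }

        using var hmac = new HMACSHA256(serverKey);
        byte[] expectedMac = hmac.ComputeHash(payloadBytes);
        // Constant-time comparison so a forged MAC cannot be guessed byte by byte from timing.
        if (!CryptographicOperations.FixedTimeEquals(expectedMac, presentedMac)) return null;

        string[] fields = Encoding.UTF8.GetString(payloadBytes).Split('|');
        if (fields.Length != 3) return null;
        if (!long.TryParse(fields[1], out long issuedTicks)) return null;
        if (!long.TryParse(fields[2], out long ttlSeconds)) return null;
        DateTime expires = new DateTime(issuedTicks, DateTimeKind.Utc).AddSeconds(ttlSeconds);
        return DateTime.UtcNow < expires ? fields[0] : null;
    }
}
```

A service operation would call `Validate` with the caller's token before touching the database; a token that fails the MAC check, is malformed, or has passed its TTL is rejected with the same null result, and the key should be rotated rather than reused across environments.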