Encryption in ⛅ cloud native apps

Devs are sometimes tempted to depart information safety “as is” whereas constructing cloud native apps. With all of the choices cloud suppliers give, you’ll be able to have an phantasm of every part working securely by default. However…

…In actuality, the necessity for information safety and app safety doesn’t disappear automagically in a cloud and safety requires your efforts and a special method. You’re to guard the info each time it exists.




🌁 However why?

In a cloud atmosphere, you’ve got many safety issues eradicated or cared by the cloud supplier. Concurrently, you’ve got much less management over the perimeter and plenty of issues are simply checkboxes on the admin panel.

Since infrastructure capability is now not a restrict in a cloud, you’ll be able to have a number of complicated dataflows – they usually require setting out and mapping controls onto them.

❇️ For instance, to forestall different builders and DBAs from accessing delicate information in manufacturing you’ll want area degree encryption. To cease SQL injections and insiders you’ll must request firewalls and monitoring instruments. To revive the occasions and discover a root trigger in case of incidents you’ll want audit logging.

Managing this complexity is difficult.

💡 Right here comes the fact test: it’s the info proprietor however not the infrastructure operator who’s accountable for a breach below GDPR, PCI, CCPA, and most different rules.

Thus, whereas some safety duties are dealt with by your cloud supplier, you continue to must cope with information safety and appsec.



🌁 However how?

The method of constructing safety choices often contains such steps as threat evaluation and threat mitigation, menace modelling, loss occasion situations, and so on. In a cloud atmosphere, you comply with the identical steps however make them related to the cloud.



☀️ 3 details to deal with for cloud native safety are:

✔️ 1. Minimizing the variety of merchandise/instruments you employ for a similar safety aim. The much less instruments, configurations, bugs or dependencies you handle, the higher.

✔️ 2. Configuring the preventive, detective, and corrective safety controls to guard from completely different threats however to work for the frequent aim.

✔️ 3. Constructing a single information safety layer with particular controls (like software degree encryption, authentication, firewalling, information loss prevention, anomaly detection, anonymization, and so on.).


How precisely to construct an information safety layer and which instruments to make use of rely in your system design and safety necessities.

💡 For instance, you’ll be able to put a database encryption proxy between your app and database to get clear encryption/decryption with out huge adjustments in your answer. (Acra database security suite, accessible from GitHub, completely matches this activity.)

Information Entry Object (DAO) service may be of assist when you’ve got a number of databases (particularly a mixture of SQL and NoSQL, Acra will assist right here as nicely).

And generally, the one solution to combine cryptographic code proper into your software code is to use an encryption library or SDK (like Themis cryptographic library).


😊 Good factor is that we now have already constructed many various information safety layers for numerous use circumstances, and know approaches, instruments, and typical pitfalls. We’re right here to assist you in slicing by way of complexity and defending your helpful information.

Drop us a line in the event you face a problem. And comply with our blogs on DEV, our website, and Twitter for extra security-related updates. 🔐



Add a Comment

Your email address will not be published. Required fields are marked *