Friday, 22 March 2013

What if it's enterprise


Being a quite exhausted Friday night I propose a little tinkering about enterprise. What if budget is no problem? What if you can build anything you want and you find better. Things that makes the project more secure, safe, reliable and stable.

I've got some questions regarding a fresh project and was instantly wondering if they know how much work would that be. In an agile world it's not that easy to figure out what are your requirements. As simple as a form, an entity, data structure or a title of a page. And when the next question is about "how could we replicate the servers in the cloud in a secure way" - you just cannot take that seriously.

But let's say it will come sometime. What are these enterprise solutions? As a caveat please note - I'm far from being an expert here - it's just a Friday night mind-puke - if you like.

So we have our application. We have to make sure the code is perfect. That gives us a few choice only - so time to convert everything to Haskell or F#. We might want to separate all component to different servers - just to make sure they are all sandboxed, no close dependencies and different bits are easily replaceable. We probably have to store the code locally, and use a different repository for the binaries. At the end we only push binaries to the production server on order to avoid revealing the code. Security is important.

Databases of course has to be replicated over several regions. All data syncs has to travel through SSL channels to keep its secrecy. When it's about failover than it's always better to pick more than one cloud service - so it's less likely that they all go down the same time. Database has to be encrypted and the server side code should contain the decrypting mechanism.

Sessions should be also replicated (well, let's replicate everything) over several servers. So a glitch on the server won't lose the sessions. Also if it's separated then an attack on the web server could prevent accessing to session files.

Web servers has to be on an elastic infrastructure where new machines can be fired up whenever the load reaches a certain level.

Authentication has to be external as well. LDAP or other SSO would do the job probably. It may require SMS verification, fingerprint or something similar.

The site has to have a full test coverage. Doesn't matter if it's functional or unit as far as coverage is complete. They have to be validated against the real dataset - so should be ran after each content or configuration update. Code should ran through all the available code quality assurance tools, such as syntax checkers, convention validators and consistency analysis.

On all the replicated instances we need active monitoring and logging that is pushed to a central secret service.

I think the most secure way to present a site would be a client site decryption mechanism. So only a single browser window can decode a specially targeted encrypted output.

I guess that's not too much after all. This would make sure that you need at least 2 servers to decrypt any data. Depends if the data server file system is also encrypted. Anyways. Too much fantasy for a Friday night.

---

Peter

No comments:

Post a Comment