10 Benefits of cloud thinking

 

This chapter covers

    • How externalizing configuration improves security
    • Structure as separate, stateless processes
    • How centralized logging improves security
    • Structuring admin functionality
    • The three R’s of enterprise security

    To successfully run applications in a cloud environment, you need to design them in a way that enables you to fully take advantage of the possibilities the cloud can give you. This means your applications are required to adhere to certain principles and display certain properties, such as being stateless or environment-agnostic. Cloud environments bring a new set of standards for building applications. An interesting observation is that this new way of building applications and systems has proven to be beneficial regardless of whether you’re running them in the cloud or not. Even more interesting is that we’ve found there are also benefits from a security perspective.

    10.1 The twelve-factor app and cloud-native concepts

    10.2 Storing configuration in the environment

    10.2.1 Don’t put environment configuration in code

    10.2.2 Never store secrets in resource files

    10.2.3 Placing configuration in the environment

    10.3 Separate processes

    10.3.1 Deploying and running are separate things

    10.3.2 Processing instances don’t hold state

    10.3.3 Security benefits

    10.4 Avoid logging to file

    10.4.1 Confidentiality

    10.4.2 Integrity

    10.4.3 Availability

    10.4.4 Logging as a service

    10.5 Admin processes

    10.5.1 The security risk of overlooked admin tasks

    10.5.2 Admin tasks as first-class citizens

    Admin of log files

    10.6 Service discovery and load balancing

    10.6.1 Centralized load balancing

    10.6.2 Client-side load balancing

    10.6.3 Embracing change

    10.7 The three R’s of enterprise security