10 Benefits of cloud thinking

This chapter covers

How externalizing configuration improves security
Structure as separate, stateless processes
How centralized logging improves security
Structuring admin functionality
The three R’s of enterprise security

To successfully run applications in a cloud environment, you need to design them in a way that enables you to fully take advantage of the possibilities the cloud can give you. This means your applications are required to adhere to certain principles and display certain properties, such as being stateless or environment-agnostic. Cloud environments bring a new set of standards for building applications. An interesting observation is that this new way of building applications and systems has proven to be beneficial regardless of whether you’re running them in the cloud or not. Even more interesting is that we’ve found there are also benefits from a security perspective.

10.1 The twelve-factor app and cloud-native concepts

10.2 Storing configuration in the environment

10.2.1 Don’t put environment configuration in code

10.2.2 Never store secrets in resource files

10.2.3 Placing configuration in the environment

10.3 Separate processes

10.3.1 Deploying and running are separate things

10.3.2 Processing instances don’t hold state

10.3.3 Security benefits

10.4 Avoid logging to file

10.4.1 Confidentiality

10.4.2 Integrity

10.4.3 Availability

10.4.4 Logging as a service

10.5 Admin processes

10.5.1 The security risk of overlooked admin tasks

10.5.2 Admin tasks as first-class citizens

Admin of log files

10.6 Service discovery and load balancing

10.6.1 Centralized load balancing

10.6.2 Client-side load balancing

10.6.3 Embracing change

10.7 The three R’s of enterprise security