How do I ensure security for cloud-native applications?

10.12.2021 | 06:47 ㅤ
Author: Gerrit

We have often had to learn painfully what can go wrong when it comes to security. In the many years we have spent developing, building and operating cloud structures, we have had to go through a multitude of these experiences. And that's why we've been thinking about how things can be done differently and how we can solve potential problems for our customers as simply as possible.

"Security by design" - is, after all, one of the buzzwords that are quickly uttered in connection with data protection and data security. Unfortunately, this is anything but easy to implement in practice. What looks like a unified whole to users and data protection experts are complex structures consisting of various cloud services, microservices and open source components. All of this has to be dovetailed, orchestrated and securely connected. That's challenging enough. That's exactly why we at mogenius not only made sure that users can set up their cloud environment as quickly as possible, but also built in a lot of security.

Never again forget certificates

You can set up an SSL certificate fairly quickly; but unfortunately just as quickly forget about it again. Later on it can be embarrassing when connections suddenly no longer appear to be trustworthy during operation, or connections are rejected because their validity has expired. And then it gets hectic , which obviously is not ideal and often time-consuming to quickly initiate the renewal process under pressure. After all, this is not a task that is typically a routine job. Because we know this from our own experience, we take care this task on the mogenius platform. With our certificate management, users don't have to worry about their certificates simply expiring unnoticed.

Protection against DDoS attacks

Last year, the number of DDoS attacks reached a new all-time high. Probably everyone familiar with cloud infrastructure knows it's not a question of whether their systems will become a target of such attacks, but rather when that will be the case. The number of potential attack vectors is also growing here: not just because of more intensive use of IoT devices or stronger networking between different external systems. Attackers are now also carrying out attacks directly through the structures of hyperscalers. 

At mogenius, we work with the world's leading security technologies, among them Cloudflare, which protects our infrastructure with its enterprise solution. And thus also your cloudspace. And the good news: the full protection that well-known brands rely on will not cost anything extra, as it is already included in the mogenius subscription plans.

Even more security: Cascading DNS proxy

For attackers, knowledge of a system's (fixed) IP address is a major asset. Accordingly, it should be strongly protected. Our system takes care of that for our users automatically. That's because for every cloudspace we apply cascading DNS proxies. This works like a cloak of invisibility for the applications. Because as soon as an attacker has determined the IP address, it has already changed again. This makes the target equally invisible to attackers. Speaking of invisible: SQL databases are just as secure, because they can only ever be accessed from our internal systems. We do not run them as an "exposed host". 

Caching, load balancing - all already built in

It doesn't have to be an attack: If access numbers for cloud applications suddenly increase, it could be the result of a successful advertising campaign. Fortunately, many measures that protect against DDoS attacks are also good for the performance of a system. That's why we at mogenius have added some extras. They make it harder for attackers, but faster for our users' system. Thanks to caching and load-balancing, nothing can derail the applications hosted at mogenius so quickly. Whether seasonal fluctuations or a real boom: our security features combine the best user experience and security.