Provisioning and Deprovisioning – CompTIA Security+ SY0-501 – 3.6

In today’s dynamic infrastructures, application platforms are constantly created and dismantled. In this video, you’ll learn about the security concerns associated with provisioning and deprovisioning these application platforms.


The process of provisioning means that we’re going to make something available. That means if we’re deploying an application, we need to provision a web server, a database server, a middleware server, user workstation configurations, certificate updates, and other components that are necessary for making that application operate. If we’re provisioning an application, there may be security components that we need to add to the operating system or to the application itself. If we’re deploying network security components, then there may be a requirement to update secure VLAN configurations, to add some firewall rules, or to update VPN access. And software that we’re provisioning on a workstation may require additional checks for malicious code and to verify that the workstation itself is secure.

One of the benefits of cloud computing is the ability to automate this entire provisioning process. We refer to this as orchestration, where we can push a button and an entire platform of applications can be deployed instantly. This means that we aren’t deploying single servers or single pieces of an application. We can automate the entire process to deploy everything needed to run a particular application all with one keystroke. This means that all the servers, the networking components, and the security pieces are all deployed instantly.

This allows organizations to use a follow-the-sun approach for their applications. They can provision applications in certain parts of the world where people are up and working, and as people go home and go to sleep, they can deprovision those applications and only pay for the resources that they need at any particular time. With this orchestration capability, you can not only automate the provision of the application, but you can automate the provision of all of the security components necessary to secure that application.

The process of removing the application, or deprovisioning the app, is just as important as the provisioning process itself. We want to be sure that when we dismantle and remove the application, we’re removing all parts of it. We don’t want to leave any open holes, and we want to make sure that we close any holes that we would have made initially. This means that if we provision the app and create a virtual firewall with a number of firewall rules associated with it, then when we deprovision the app, we need to remove those rules and prevent anybody from gaining access to a part of the network that they should not have access to.

We also have to think of the data that might be left behind. When you provision an app, that application may be creating data and storing it in a different place. And when you deprovision the app, you have to decide whether you’re going to remove that data or move that data to a different place.
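One way to check that a deprovision really closed every hole and dealt with the data is to compare what was recorded at provisioning time with what is still live after teardown. This is an added example, not part of the original video; the `Resource` record, the resource names, and the "remove"/"move" decision map are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str   # e.g. "firewall_rule", "vpn_access", "server", "data_store"
    ident: str  # constructed identifier
    app: str    # application tag applied at provisioning time

def audit_deprovision(app, manifest, live, data_decisions):
    """Return sorted (ident, finding) pairs for anything `app` left behind.
    data_decisions maps a data store ident to "remove" or "move"."""
    live_set = set(live)
    findings = []
    for res in manifest:
        if res.app != app or res not in live_set:
            continue
        if res.kind == "data_store":
            decision = data_decisions.get(res.ident)
            if decision is None:
                findings.append((res.ident, "data left behind, no remove/move decision"))
            else:
                findings.append((res.ident, f"data decision '{decision}' not carried out"))
        else:
            findings.append((res.ident, f"{res.kind} still present after teardown"))
    # Resources tagged for the app that the provisioning manifest never recorded
    tracked = set(manifest)
    for res in live:
        if res.app == app and res not in tracked:
            findings.append((res.ident, f"untracked {res.kind} tagged for app"))
    return sorted(findings)

# Constructed sample data: what orchestration recorded, and what is live afterwards
MANIFEST = [
    Resource("server", "web-01", "orders"),
    Resource("firewall_rule", "allow-443-web", "orders"),
    Resource("firewall_rule", "allow-5432-db", "orders"),
    Resource("vpn_access", "vpn-orders-admins", "orders"),
    Resource("data_store", "orders-db-volume", "orders"),
]
LIVE = [
    Resource("firewall_rule", "allow-5432-db", "orders"),
    Resource("data_store", "orders-db-volume", "orders"),
    Resource("firewall_rule", "allow-22-debug", "orders"),
    Resource("firewall_rule", "allow-443-web", "billing"),
]

if __name__ == "__main__":
    for ident, finding in audit_deprovision("orders", MANIFEST, LIVE, {}):
        print(f"{ident}: {finding}")
```

In the sample, the leftover database rule and the undecided data volume are reported along with a rule that was added outside the orchestration, which is the kind of hole a manifest-only teardown never sees.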