How Paranoid about Cloud Security should we be?

The answer is: very. Client data is always vitally important, and combining it with financial details creates a red-hot issue that banks, not surprisingly, take very, very seriously.

Security is at the heart of stormmq

So when a supplier like stormmq comes along and offers a Cloud-based Message Queue Service, a discerning CIO will first take a view of the commercial proposition (which needs to be convincing) before even considering whether the Service will stand up to the scrutiny of his or her internal audit and security teams.

Assuming the commercial proposition is attractive, the next stage is usually about where my data will be held and who has access to it. At this point a quality Cloud-based provider should start to get excited (as we do at stormmq), because we know the lengths we have gone to in building, from the ground up, a Service that offers a 100% guarantee of data security and will convince even the most sceptical CIO out there.

For example:

We made the decision that our Services have to be 100% secure by default so that it is actually impossible to execute insecure ways of doing things. For example, you can’t use our Services without using SSL (and as things change, we’ll be locking down the choice of ciphers and secure hashes used, too). Internally, we only use IPsec – with IKEv2 the only choice – for all local network traffic. We use whole disk encryption, too.

stormmq Services can only be accessed over encrypted communications. Our web service, API and AMQP endpoints all use 2048-bit TLSv1. For our dedicated clusters we also offer private endpoints, an IPsec VPN and higher encryption strengths (if your operating system supports them). We have a number of controls at our entry points to identify and terminate disruptive traffic (DoS protection).

All messages and out-of-band traffic through our Messaging Cloud use mesh IPsec VPN tunnels with X.509 authentication and 256-bit keys.
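The "secure by default" idea in the two paragraphs above (no way to reach the Service without TLS, and a locked-down choice of ciphers) is easiest to see in a client that simply cannot be talked into a plaintext connection. The snippet below is an added illustration written for this post, not stormmq code: it builds a TLS client context that refuses anything older than TLS 1.2 (a modern minimum chosen here as an assumption; the post itself cites TLSv1), verifies the server certificate, restricts the TLS 1.2 cipher list to forward-secret AEAD suites, and rejects any endpoint URL whose scheme is not an encrypted one. The hostnames and ports are illustrative.

```python
import ssl
from urllib.parse import urlparse

# Only encrypted schemes are accepted; "amqp://" and "http://" are refused outright.
SECURE_SCHEMES = {"amqps", "https"}


def make_client_context(cafile=None):
    """Build a TLS client context that cannot negotiate a weak connection.

    - minimum TLS 1.2 (assumed modern floor; older versions are never offered)
    - server certificate must verify and match the hostname
    - TLS 1.2 suites limited to ECDHE + AEAD; TLS 1.3 suites are fixed by the library
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    return ctx


def context_summary(ctx):
    """Plain-string view of the context's security-relevant settings, for audit logs."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "ciphers": [c["name"] for c in ctx.get_ciphers()],
    }


def require_encrypted_endpoint(url):
    """Return (host, port) for an endpoint URL, raising if the scheme is not encrypted.

    Default ports: 5671 for amqps, 443 for https (standard registered ports).
    """
    parsed = urlparse(url)
    if parsed.scheme not in SECURE_SCHEMES:
        raise ValueError(f"refusing unencrypted endpoint scheme {parsed.scheme!r}: {url}")
    default_port = 5671 if parsed.scheme == "amqps" else 443
    return parsed.hostname, parsed.port or default_port


if __name__ == "__main__":
    # Illustrative hostnames only; nothing is connected to here.
    summary = context_summary(make_client_context())
    print("TLS floor:", summary["minimum_version"], "verify:", summary["verify_mode"])
    print(require_encrypted_endpoint("amqps://broker.example.test"))
    try:
        require_encrypted_endpoint("amqp://broker.example.test:5672")
    except ValueError as err:
        print("blocked:", err)
```

The point of the URL check is that the "insecure way of doing things" is not a configuration option that someone might forget to turn off; it does not exist as a code path at all.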

All messages, meta-information and AMQP ‘frames’ arriving at an endpoint are transmitted encrypted throughout our Messaging Cloud. All messages persisted for later delivery are encrypted on disk using AES-256 keys.

Critical account data is encrypted in memory and is only decrypted on the fly.

Our system generates all passwords and secret keys. Our hashing and message authentication algorithms do not rely on the partly compromised MD5 or SHA-1 hash functions.

Our servers are hardened, locked down and automated to become toasters in the event of compromise, using best-of-breed practices. Back-end servers are not reachable from the web. Your IT Audit teams are welcome to review our server hardening.

All critical operational information is stored encrypted on disk using AES-256 keys.

All activity is logged. We provide all our clients with a full log of all their activity through their website portal.

The ability to locate and secure your data means so much to us that when you take up our Service, we will sign over ownership of the encrypted hard disks we use to you as an extra option. We provide a certificate of locality and ownership of data. At the end of your subscription, we will present the disks to you for secure destruction.

We only allow a subset of SASL mechanisms but, more importantly, enforce our password policy on our users. That way, we can ensure passwords are as secure as possible. The automated systems that use messaging don’t need memorable passwords for admin! We haven’t seen clients use LDAP with our solution, primarily because most production systems have a very small set of ‘robot’ users, and because of the complexity involved compared with using POSIX file permissions.
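Two of the points above (system-generated passwords and secret keys that never rely on MD5 or SHA-1, and a password policy enforced on every user rather than left to the human) fit together in a few lines of code. What follows is an added example for this post, not stormmq’s implementation: the policy thresholds and the sample message are assumptions chosen for illustration. Credentials are drawn from the operating system’s CSPRNG, a generated password is retried until it satisfies the policy so a weak one can never be handed out, and message authentication uses HMAC-SHA256 with a constant-time tag comparison.

```python
import hashlib
import hmac
import secrets
import string

# Policy values are illustrative assumptions. Robot users get random secret
# keys, so only human admin passwords ever need to pass this check.
MIN_PASSWORD_LENGTH = 16
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"

# Constructed sample payload used by the demo below.
SAMPLE_MESSAGE = b"queue=orders;id=42;amount=100"


def password_meets_policy(password):
    """True only if the password is long enough and uses all four character classes."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return all(classes)


def generate_password(length=24):
    """System-generated password from the OS CSPRNG, retried until it meets policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if password_meets_policy(candidate):
            return candidate


def generate_secret_key(nbytes=32):
    """256-bit shared secret for a robot user; raw bytes, never derived from a passphrase."""
    return secrets.token_bytes(nbytes)


def sign_message(key, message):
    """HMAC-SHA256 tag over the message, hex-encoded (SHA-256, not MD5 or SHA-1)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key, message, tag):
    """Constant-time comparison so a tag check cannot leak timing information."""
    return hmac.compare_digest(sign_message(key, message), tag)


if __name__ == "__main__":
    admin_password = generate_password()
    print("admin password meets policy:", password_meets_policy(admin_password))
    robot_key = generate_secret_key()
    tag = sign_message(robot_key, SAMPLE_MESSAGE)
    print("genuine message verifies:", verify_message(robot_key, SAMPLE_MESSAGE, tag))
    print("tampered message verifies:", verify_message(robot_key, SAMPLE_MESSAGE + b";amount=999", tag))
```

Because the policy check is applied to the generator’s own output as well as to anything a user submits, there is a single definition of “acceptable” and no path by which an administrator can choose a memorable but weak password for a robot account.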

We’ve taken this further and use AMQP virtual hosts to provide isolated environments for systems, so configuration managers can partition knowledge of passwords between production and development and prevent data ‘accidents’.

Raphael ‘Raph’ Cohn
Chief Architect
+44 (0) 7590 675 756

I’ve designed, developed and burnt the midnight oil on the graveyard support shift, from large systems for banks to troubleshooting telcos to pricing electricity in Singapore. The one thing that was always missing was ‘ready to use’ Message Queuing. Message Queues you could set up and tear down yourself without bureaucracy or crazy costs. Message queues that worked with anything. Then it dawned. Message Queuing should be a cloud-based service.