Scene 1:Security audit

Use ForkMe! to check whether your cloud design is secure. It improves the quality and speed of designers' self-checks and of audits by information systems departments.


Point:Triage and Default Safe

ForkMe!'s reporting concisely describes the magnitude of the impact security has on your business. Triage, as in medical practice, is effective in eliminating both the business risk caused by insufficient auditing and the time and effort wasted on excessive auditing. Use ForkMe! to quickly understand the magnitude of the business impact and determine whether a detailed audit is necessary.
If you need a detailed audit, use ForkMe! to discover Default Safe violations and recommend corrective actions. Default Safe is a simple and powerful design rule that blocks everything except the minimum required communication. To help you discover violations, ForkMe! concisely shows the dangers of each communication path.


Step1:Judging necessity of detailed audit

1. Select the "OVERVIEW" tab on the report.

2. Confirm that the audit result does not contain the "RDR_0001" error shown in the figure below. If it is displayed, suspend the audit and request a design correction. This error indicates that the design does not contain the information needed for the audit.

3. After resolving the error, check the summary in the middle of the report. Use the "Examples of Judgment Criteria" below to determine the need for a detailed audit. If you do not need a detailed audit, stop the audit here.

Examples of Judgment Criteria

Judgment that detailed audit is necessary (highest priority): When the summary statement shows "Handling personal information" (when handling personal information, security always has the greatest impact on the business)

Judgment that detailed audit is necessary: When the summary statement shows "Handling confidential information" and "connects to ~" (since it works with an external system, the scope of confidential information leakage and the risk of infringement may increase.)

Judgment that detailed audit is unnecessary: If neither of the above applies


Step2:Optimization of information class

1. If you decide that a detailed audit is needed, select the "CONTEXTS" tab on the detailed report.

2. Click "System overview" to see the overview of the application.

3. If the information type of "Information to be handled" does not conform to the type specified by the organization or team, or if the content is confusing, ask the designer to correct it. If this type is incorrect, the security of each communication path cannot be checked correctly.


Step3:Improvement of dangerous communication path

1. Select the "CONTEXTS" tab on the report.

2. Click each context in the list one by one to check the details.

3. In the figure at the bottom right of the screen, the lines connecting the white-framed boxes are the communication paths. Check the safety of every communication path in the figure using the criteria below. Confirm with the designer whether each dangerous or sensitive communication is needed, and instruct the designer to use such communication as little as possible.

Dangerous communication: Internet communication (red line) + Unlimited communication (red icon with a key) + Information type including personal / confidential information ("Class A" part in the example below)

・This type of communication is dangerous and carries high security risk. It is unavoidable in cases such as displaying a member site to the public, but check the necessity carefully so that its use is kept to a minimum.
※Note: If the port is other than 22/443/465/995, ask the designer to encrypt the communication.

Communication requiring care: Internet communication (red line) + Restricted communication (green icon with closed key) + Information type including personal / confidential information ("Class A" part in the example below)

・This type of communication may not be fully restricted, so the security risk may not be reduced. Carefully check both the necessity and the restriction method so that its use is kept to a minimum.
※Note: If the port is other than 22/443/465/995, ask the designer to encrypt the communication.
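The two flagged categories and the port note above can be written down as a rule set and run over a list of paths. This is an added example, not ForkMe! code: the `Path` fields, the `SENSITIVE_CLASSES` set and the "not flagged" result for paths neither rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports the page exempts from the "ask the designer to encrypt" note.
EXEMPT_PORTS = {22, 443, 465, 995}
# Assumption: which information classes contain personal / confidential data
# is defined by your organization; "Class A" follows the page's example.
SENSITIVE_CLASSES = {"Class A"}

@dataclass(frozen=True)
class Path:
    name: str
    internet: bool     # red line in the data flow figure
    restricted: bool   # True: green closed-key icon, False: red key icon
    info_class: str
    port: int

def triage(path):
    """Return (level, follow_ups) for one communication path."""
    if not (path.internet and path.info_class in SENSITIVE_CLASSES):
        return "not flagged", []
    level = "requires care" if path.restricted else "dangerous"
    follow_ups = ["confirm necessity with the designer"]
    if path.restricted:
        follow_ups.append("review the restriction method")
    if path.port not in EXEMPT_PORTS:
        follow_ups.append("ask the designer to encrypt")
    return level, follow_ups

def audit(paths):
    """Triage every path and list the dangerous ones first."""
    rank = {"dangerous": 0, "requires care": 1, "not flagged": 2}
    results = [(p.name, *triage(p)) for p in paths]
    return sorted(results, key=lambda r: rank[r[1]])

# Constructed sample paths, not taken from a real report.
SAMPLE = [
    Path("batch export", internet=False, restricted=True, info_class="Class A", port=5432),
    Path("admin console", internet=True, restricted=True, info_class="Class A", port=8080),
    Path("member site", internet=True, restricted=False, info_class="Class A", port=443),
    Path("static assets", internet=True, restricted=False, info_class="Class C", port=80),
]

if __name__ == "__main__":
    for name, level, follow_ups in audit(SAMPLE):
        print(f"{name}: {level} {follow_ups}")
```

A restricted path still gets the encryption follow-up when its port is outside the listed four, as the "admin console" sample shows.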

Scene 2:Cost evaluation

Use ForkMe! to check the adequacy of costs. It improves accuracy and speed during designers' self-checks and cost evaluations by planners.


Point:Cost-effectiveness

What matters is whether the cost is commensurate with the importance of the application, not the price alone. Use ForkMe! to check whether less important applications carry wasted cost, and correct it.


Step1:Eliminate zero-effect resources

1. Select the "OVERVIEW" tab on the report.

2. If the error "RDR_0001" is displayed in the audit result, ask the designer to correct it. This error means that the design contains resources whose use is unclear and which therefore have no cost-effectiveness (zero effectiveness).


Step2:Reducing waste from occupied resources

1. Select the "OVERVIEW" tab on the report.

2. Click "System overview" to see the overview of the application.

3. In the relationship diagram of actors, resources, and contexts displayed on the right side of the screen, look at the connections between the contexts (center column) and the resources (rightmost column). A resource in the right column with only one line connected to it is occupied for a single purpose (in the example below, AdministrationInstance and others). Once you have found an occupied resource, proceed to the next step.

4. Place the cursor on the line connected to the occupied resource and check the name of the context that occupies it ("System administration" in the example below). If the name shows that the context is clearly important, the occupancy is valid and you do not need to proceed. If it is less important or you are not sure, proceed to the next step.

5. Click the line connected to the occupied resource to select the target resource as shown in the figure below. Ask the designer to consider whether this resource can be eliminated by having other resources share its processing.
Note: The estimated cost of the selected resource ($20 / month in the example below) is an estimated cost within the range that ForkMe! can calculate. Eliminating occupied resources can result in greater cost savings.

6. Note that in a design with a large number of context and resource connections, as in the figure below, similar uses may be subdivided into multiple contexts. Therefore, when looking for resources to share, target not only resources with a single connection to a context but also resources with relatively few connections (several) compared to other resources.

Scene 3:Assessment of failure risk

Use ForkMe! to check how much your cloud design can reduce the risk of system failure. It improves the quality and speed of designers' self-checks and of design advice from the information systems department.


Point:Rate limit and single point of failure

ForkMe!'s reporting capabilities concisely describe the load on your system. To reduce the risk of system failure due to overload, it is important to estimate the upper limit of the load with a margin and confirm that it is feasible. Check the expected load in ForkMe! and ask the cloud vendor or the operator of the external system to allow it (relaxation of the rate limit).
A point where a problem in a single resource affects the entire system is called a single point of failure, and its presence increases the risk of system failure. Distribute processing across multiple resources as much as possible to reduce this risk. ForkMe!'s reporting feature shows, for each purpose, the resources where processing is concentrated. Use ForkMe! to discover single points of failure in critical applications and consider resolving them.


Step1:Cloud cap relaxation application

1. Select the "RESOURCES" tab on the report.

2. Click each resource in the list and check whether its throughput or other figures exceed the usage limit (rate limit or quota) of the cloud vendor. To find the rate limits or quotas, search the internet using the name listed in "Type". In the example below, the throughput exceeds the AWS::CloudFront rate limit of 250,000 rps.

3. Submit a request to relax the limit to the cloud vendor for resources that exceed the usage limit. Ask the account administrator who manages the contract with the cloud vendor to apply. Please note that the application is not always approved. If it is not approved, the design needs to be reviewed, such as distributing communication among multiple resources.


Step2:Application for relaxation of upper limit of external system

1. Select the "ACTORS" tab on the report.

2. The actor with the robot icon is an external system that works with the cloud. Check the usage limit (rate limit or quota) with the person who manages the contract with the external system. Once confirmed, click the "Open Related Contexts" button to proceed.

3. Click the selected context.

4. In the drawing on the right side of the screen, place the cursor on the line that connects to the green box (“External CRM System” in the figure below). Check that the displayed communication volume, such as "Throughput", does not exceed the usage limit of the external system.

5. Request the person in charge of the contract to apply for relaxation of the upper limit for external systems that exceed the usage limit. If the application is not approved, the design needs to be reviewed, such as adjusting the communication frequency with a queuing system.


Step3:Redundancy as needed

1. Select the "CONTEXTS" tab of the report.

2. Click "System overview" to see the overview of the application.

3. Use the actor, resource, and context relationships displayed on the right side of the screen to find the contexts that require speedy recovery from a disaster. Pay particular attention to the relationships between actors (leftmost column in the figure) and contexts (center column in the figure), because the contexts that lead to important actors are the likely targets. In the example below, "Site browsing", which leads to "Site visitors", is likely to be the target.

4. When you click the target context in the system bird's-eye view, the figure on the right of the screen changes to the data flow for that context. Click each resource in the figure in turn to see its details. In the example below, click "02 Load Balancer".

5. The resource you clicked is selected and displayed in the report on the left side of the screen. Look for single points of failure by referring to the indicators below. A single point of failure is a place where a problem in a single resource affects the entire system; resolving it requires resource redundancy.

Not a single point of failure if a managed service type resource is selected: 

・For example, the Load Balancer in the figure below is a managed service type resource: fault tolerance is entrusted to AWS, and you do not need to be aware of the number of servers. Redundancy is taken into consideration for resources of this type, so it can be judged that they are not single points of failure. However, if you cannot accept the failure risk of the service itself, you need to design a combination of different types of services (e.g., if you cannot accept the risk of a CloudFront outage, fail over to API Gateway with the DNS failover function). Please check the documentation of each cloud vendor to see if the resource is a managed service type.

Not a single point of failure if an autoscaling resource is selected: 

・For example, the AutoScalingGroup in the figure below is an auto-scaling type resource that automatically adjusts the number of servers in the event of a failure. Redundancy is considered for resources of the same type, and it can be determined that they are not single points of failure. However, depending on the configuration, it can be a single point of failure, so check with the designer for failover details if you need reliable redundancy.

Not a single point of failure if multiple resources of the same type are selected: 

・For example, in the figure below, two AWS::EC2::Instance resources (AWS EC2 servers) are selected, so it can be judged that they are not a single point of failure. However, if their purpose is load distribution and failure is not taken into account, redundancy may be inadequate. Check with the designer for details on failover behavior if you need reliable redundancy.

Not a single point of failure if redundancy is set in the resource options: 

・Even if multiple resources of the same type are not selected, they may be made redundant by the resource options. For example, the DBInstance in the figure below has a redundancy option (Multi-AZ) that automatically switches processing to the standby server in the event of a server failure. Click "Jump to code" and check the provisioning code in the code editor to see if the option is enabled. Please check the documentation of each cloud vendor to see if the resource has a redundancy option.

6. If you find a single point of failure, ask the designer to consider redundancy. However, redundancy generally comes at an additional cost, so decide case by case whether it needs to be implemented. As we focused on the recovery speed from a failure in step2 of this step, there is no need for redundancy if the recovery speed is not required or if the required recovery speed can be secured manually by the operation staff.
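The four indicators in step 5 can also be applied directly to the provisioning code reached through "Jump to code". The sketch below is an added example, not ForkMe! code. It assumes a CloudFormation-style JSON template; the `assess` helper, the `MANAGED` type list and the logical IDs in the sample are constructed for illustration.

```python
import json

# Assumption: CloudFormation types treated as managed services for this sketch;
# confirm each against the cloud vendor's documentation, as the page advises.
MANAGED = {"AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::CloudFront::Distribution"}
AUTOSCALING = {"AWS::AutoScaling::AutoScalingGroup"}
# Resource type -> property that switches on built-in redundancy.
REDUNDANCY_OPTION = {"AWS::RDS::DBInstance": "MultiAZ"}

def assess(template, selected):
    """Map each selected logical ID to the indicator that clears it, or 'SPOF'."""
    resources = template["Resources"]
    per_type = {}
    for rid in selected:
        per_type.setdefault(resources[rid]["Type"], []).append(rid)
    verdicts = {}
    for rid in selected:
        rtype = resources[rid]["Type"]
        props = resources[rid].get("Properties", {})
        option = REDUNDANCY_OPTION.get(rtype)
        if rtype in MANAGED:
            verdicts[rid] = "managed service"
        elif rtype in AUTOSCALING:
            verdicts[rid] = "autoscaling (confirm failover settings)"
        elif len(per_type[rtype]) > 1:
            verdicts[rid] = "multiple of same type (confirm failover, not only load sharing)"
        elif option and str(props.get(option, "")).lower() == "true":
            verdicts[rid] = f"{option} enabled"
        else:
            verdicts[rid] = "SPOF"
    return verdicts

# Constructed template fragment; logical IDs are illustrative.
TEMPLATE = json.loads("""
{"Resources": {
  "LoadBalancer": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"},
  "WebA": {"Type": "AWS::EC2::Instance"},
  "WebB": {"Type": "AWS::EC2::Instance"},
  "Database": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": false}},
  "Replicated": {"Type": "AWS::RDS::DBInstance", "Properties": {"MultiAZ": true}},
  "AdministrationInstance": {"Type": "AWS::EC2::Instance"}
}}
""")

if __name__ == "__main__":
    for rid, verdict in assess(TEMPLATE, ["LoadBalancer", "WebA", "WebB", "Database"]).items():
        print(f"{rid}: {verdict}")
```

Pass `assess` only the resources selected for one context's data flow, since the "multiple resources of the same type" indicator counts within that selection.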

Appendix


ForkMe! and Reindeer


ForkMe! is provided by Reindeer Technology PTE. LTD.
Reindeer wants to reach out to all people by supporting the use of the cloud.
A society in which anyone can create services on their own will bring freedom of expression and diversity of values. We also believe that it promotes the redistribution of wealth to all and brings equal wealth and well-being to people around the world.

