Scene 1: Security audit

Use ForkMe! to check whether your cloud design is secure. It improves the quality and speed of designers' self-checks and of audits by the information systems department.


Point: Triage and Default Safe

ForkMe!'s reports concisely describe how much security affects your business. Triage, as in medical practice, removes both the business risk caused by insufficient auditing and the time and effort wasted by excessive auditing. Use ForkMe! to quickly gauge the business impact and decide whether a detailed audit is necessary.
If a detailed audit is needed, use ForkMe! to find Default Safe violations and recommend corrections. Default Safe is a simple and powerful design rule: block everything except the minimum required communication. ForkMe! concisely shows the danger of each communication path so that violations can be found.


Step 1: Judging the necessity of a detailed audit

1. Select the "OVERVIEW" tab on the report.

2. Confirm that the audit result does not contain the "RDR_0001" error shown in the figure below. If it is displayed, suspend the audit and request a design correction: this error indicates that the design does not contain the information needed for the audit.

3. After the error is resolved, check the summary in the middle of the report. Use the "Examples of Judgment Criteria" below to decide whether a detailed audit is needed. If it is not, stop the audit here.

Examples of Judgment Criteria

Detailed audit necessary (highest priority): the summary shows "Handling personal information". When personal information is handled, security always has the greatest impact on the business.

Detailed audit necessary: the summary shows "Handling confidential information" and "connects to ~". Because the application works with an external system, the scope of a confidential-information leak and the risk of a breach may increase.

Detailed audit unnecessary: neither of the above applies.


Step 2: Optimization of the information class

1. If you have decided that a detailed audit is needed, select the "CONTEXTS" tab on the detailed report.

2. Click "System overview" to see the overview of the application.

3. If the information type under "Information to be handled" does not match the types defined by your organization or team, or if its content is confusing, ask the designer to correct it. If this type is wrong, the security of each communication path cannot be checked correctly.


Step 3: Improvement of dangerous communication paths

1. Select the "CONTEXTS" tab on the report.

2. Click "System overview" to display the drawing.

3. Confirm that the red arrow lines in the figure (dangerous communication paths: personal or confidential information exchanged over an unrestricted communication path) meet the following conditions. If not, ask the designer to correct them.

Kept to the minimum necessary

A red arrow is generally acceptable for a path that must be open to an unspecified number of people, such as a login function.
Server-to-server communication in particular should never use a red arrow: restrict its source to the specific servers that need it.

An encrypted port is being used

Place the cursor on the red arrow line and check [Connection Port] in the tooltip. If the port is other than 22/443/465/995, the communication may not be encrypted. Note that the port number is only a heuristic: a port not on this list may still carry TLS (for example 993 for IMAPS or 636 for LDAPS), and a listed port can carry plaintext if TLS is not actually configured, so confirm the protocol with the designer before accepting the path.
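The three conditions above (red arrows kept to a minimum, never server-to-server, and only on encrypted ports) can be expressed as a small automated check. The following is an added example written for this page; it is not ForkMe! code, and the `Path` class, the port list and the sample paths are constructed for illustration.

```python
"""Default Safe check over communication paths (added example, not ForkMe! code).

A 'red arrow' is a path that carries personal or confidential information from an
unrestricted source. Red arrows must be kept to the minimum necessary, must never be
server-to-server, and must use an encrypted port. All names below are constructed.
"""
from dataclasses import dataclass

# Ports the guide treats as encrypted. Assumption: this is a heuristic only; the
# port number alone does not prove that TLS is actually configured.
ENCRYPTED_PORTS = {22: "SSH", 443: "HTTPS", 465: "SMTPS", 995: "POP3S"}
SENSITIVE_INFO = {"personal", "confidential"}
UNRESTRICTED_SOURCES = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Path:
    src: str             # actor or resource sending traffic
    dst: str             # resource receiving traffic
    port: int            # connection port on dst
    info: str            # "personal", "confidential" or "public"
    source_cidr: str     # source range allowed by the firewall / security group
    src_is_server: bool  # True when src is a server rather than a human actor


def is_red(path: Path) -> bool:
    """A red arrow: sensitive information over an unrestricted path."""
    return path.info in SENSITIVE_INFO and path.source_cidr in UNRESTRICTED_SOURCES


def red_paths(paths):
    """The paths the auditor must justify one by one."""
    return [p for p in paths if is_red(p)]


def audit(paths):
    """Return (path, message) findings for red arrows that break the rules."""
    findings = []
    for p in red_paths(paths):
        if p.src_is_server:
            findings.append((p, f"{p.src}->{p.dst}: server-to-server path is "
                                f"unrestricted; restrict the source to {p.src} only"))
        if p.port not in ENCRYPTED_PORTS:
            findings.append((p, f"{p.src}->{p.dst}: port {p.port} is not a known "
                                f"encrypted port; confirm TLS or move to an encrypted port"))
    return findings


# Constructed sample: a login service with a web tier, a database, an external
# CRM and a mail relay, as a designer might describe it.
SAMPLE_PATHS = [
    Path("Internet users", "Load balancer", 443, "personal", "0.0.0.0/0", False),
    Path("Web servers", "DB servers", 3306, "personal", "0.0.0.0/0", True),
    Path("Web servers", "External CRM", 443, "confidential", "10.0.0.0/16", True),
    Path("Web servers", "Mail relay", 465, "personal", "10.0.1.0/24", True),
]

if __name__ == "__main__":
    for path in red_paths(SAMPLE_PATHS):
        print("RED ARROW:", path.src, "->", path.dst)
    for _, message in audit(SAMPLE_PATHS):
        print("VIOLATION:", message)
```

Of the two red arrows in the sample, the public login path on 443 is accepted, while the database path is reported twice: once because a server-to-server path is open to the world, and once because 3306 is not a known encrypted port. Restricting the database source range to the web tier removes both findings, which is exactly the correction the auditor would request.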

Scene 2: Cost evaluation

Use ForkMe! to check whether costs are appropriate. It improves the accuracy and speed of designers' self-checks and of cost evaluations by planners.


Point: Cost-effectiveness

What matters is that the cost is commensurate with the importance of the application, not the simple price. Use ForkMe! to find and correct wasted cost on less important applications.


Step 1: Eliminate zero-effect resources

1. Select the "OVERVIEW" tab on the report.

2. If the "RDR_0001" error is displayed in the audit result, ask the designer to correct it. This error means the design contains resources whose use is unclear; such resources have no cost-effectiveness (zero effect).


Step 2: Reducing waste from occupied resources

1. Select the "RESOURCES" tab on the report.

2. If a resource shows only one "related context", it is occupied by a single context. In general, the more related contexts a resource has, the broader and more effective its role, so when you find an occupied resource, reconsider its relevance.
If the roles assigned to it are not commensurate with its estimated cost, it may be possible to cut unnecessary cost by sharing another resource or by reducing the resource's size.

Scene 3: Assessment of failure risk

Use ForkMe! to check how much your cloud design reduces the risk of system failure. It improves the quality and speed of designers' self-checks and of design advice from the information systems department.


Point: Rate limits and single points of failure

ForkMe!'s reports concisely describe the load on your system. To reduce the risk of failure from overload, estimate the upper limit of the load with a margin and confirm that it is feasible. Check the expected load in ForkMe! and ask the cloud vendor or the external system to accommodate it (relaxation of the rate limit).
A single point of failure is a place where a problem in one resource affects the entire system; its presence increases the risk of system failure. Distribute processing across multiple resources as far as possible to reduce the risk. ForkMe!'s reports show, for each purpose, the resources on which processing is concentrated. Use ForkMe! to find single points of failure in critical applications and consider resolving them.


Step 1: Application to relax cloud limits

1. Select the "RESOURCES" tab on the report.

2. Click each resource in the list and check whether its throughput etc. exceeds the cloud vendor's usage limit (rate limit or quota) for that resource type. To find the rate limit or quota, search the Internet using the name listed under "Type". In the example below, the throughput exceeds the AWS::CloudFront rate limit of 250,000 rps.

3. Submit a request to the cloud vendor to raise the limit for resources that exceed it. Ask the account administrator who manages the contract with the cloud vendor to apply. Note that the application is not always approved; if it is rejected, the design must be reviewed, for example by distributing the communication across multiple resources.


Step 2: Application to relax the upper limit of an external system

1. Select the "ACTORS" tab on the report.

2. An actor with the robot icon is an external system that works with the cloud. Check its usage limit (rate limit or quota) with the person who manages the contract with the external system. Once confirmed, click the "Open Related Contexts" button to proceed.

3. Click the selected context.

4. In the drawing on the right side of the screen, place the cursor on the line connected to the robot icon ("external CRM system" in the figure below). Check that the displayed communication volume, such as "Max traffic", does not exceed the external system's usage limit.

5. Ask the person in charge of the contract to apply for a higher limit for any external system whose usage limit is exceeded. If the application is not approved, the design must be reviewed, for example by adjusting the communication frequency with a queuing system.


Step 3: Redundancy as needed

1. Select the "CONTEXTS" tab of the report.

2. From the list of contexts, find and click the context that requires speedy recovery from a failure. If it is difficult to identify such a context, select an important actor (such as a customer or client) on the "ACTORS" tab of the report, press the "Select related contexts" button, and then click the selected context.

3. Look for a single point of failure by clicking each resource in turn along the arrows starting from the actor in the drawing. In the example below, we look at "Load balancer", "Web servers", "DB servers" and "Audit log processing" in that order. The light gray arrow leading to the resource labeled "(Complementary resource)" carries no major traffic, so it can be ignored at this point.

Click the load balancer first: its type is "AWS::ElasticLoadBalancingV2::LoadBalancer", which falls under "Managed service type resource" in the lower frame, so it is redundant. Next, the web servers are an "AWS::AutoScaling::AutoScalingGroup", which falls under "Autoscaling type resource", so they are redundant.
If you are not sure which case in the lower frame a resource corresponds to, contact the designer.
The DB server is an "AWS::RDS::DBInstance", so it may not be redundant. Click "Jump to code" in the list on the left to look more closely. Note that "Jump to code" cycles through the places where the resource's key name appears, so click it repeatedly until you reach the code you want to check. In this example, assuming "MultiAZ: true" can be confirmed in the code, the resource falls under "Resources with redundancy option" below and is redundant.
Finally, "Audit log processing" is the GCP "compute.v1.instance" defined in gcpTemplate.yaml. Because this is a single virtual machine, consider whether it needs redundancy. You can reduce the risk of log loss by making it redundant, either by switching to a managed service or by running two virtual machines. Alternatively, you can decide not to make it redundant and reduce the risk of log loss another way, for example by keeping the original logs on the "Web servers" themselves for a certain period and re-processing them when a problem occurs.

Managed service type resources are not a single point of failure:

-For example, the Load Balancer in the figure below is a managed service type resource: fault tolerance is entrusted to AWS without any concern for the number of servers. Resources of this type are designed with redundancy in mind and can be judged not to be single points of failure. However, if you cannot accept the failure risk of the service itself, design a combination of different services (e.g. if you cannot accept the risk of a CloudFront outage, fail over to API Gateway using DNS failover). Check each cloud vendor's documentation to see whether a resource is a managed service type.

Autoscaling type resources are not a single point of failure:

-For example, the Auto Scaling Group in the figure below is an autoscaling type resource that automatically adjusts the number of servers as the failure risk rises. Resources of this type are designed with redundancy in mind and can be judged not to be single points of failure. However, depending on its configuration (for example, a group whose minimum size is a single instance in a single zone), it can still be a single point of failure, so check the failover details with the designer if you need reliable redundancy.

Resources with a redundancy option are not a single point of failure:

-Even when only one resource is used, it may be redundant depending on its options. For example, the DB Instance in the figure below has a redundancy option (Multi-AZ) that automatically switches processing to a standby server when the primary server fails. Click "Jump to code" and check the provisioning code in the editor to see whether the option is enabled. Check each cloud vendor's documentation to see whether a resource has a redundancy option.
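The walk through Step 3 and the three cases above can be applied mechanically to a provisioning template before the manual review. The following is an added example written for this page, not ForkMe! code: it screens a constructed CloudFormation template in JSON form (so it parses with the standard library alone), and the type sets, the `MinSize` check on autoscaling groups, and the logical IDs are assumptions for illustration. The audit log processor, a GCP instance in the guide, is stood in for by an `AWS::EC2::Instance` so the whole sample is one template.

```python
"""Single-point-of-failure screen over a provisioning template (added example,
not ForkMe! code). Each resource is placed in one of the cases from Step 3:
managed service, autoscaling group, or a single resource with its redundancy
option enabled. Anything else is reported for the designer to justify.
"""
import json

# Assumption: these type sets are illustrative starting points, not a complete
# catalogue; extend them from each vendor's documentation.
MANAGED_TYPES = {
    "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "AWS::CloudFront::Distribution",
    "AWS::SQS::Queue",
    "AWS::S3::Bucket",
}
AUTOSCALING_TYPES = {"AWS::AutoScaling::AutoScalingGroup"}
# resource type -> property that switches on built-in redundancy
REDUNDANCY_OPTIONS = {"AWS::RDS::DBInstance": "MultiAZ"}


def _truthy(value) -> bool:
    # CloudFormation accepts both true and "true" for boolean properties.
    return str(value).lower() == "true"


def classify(resource: dict) -> str:
    """Return one of: managed, autoscaling, autoscaling-check, redundant, spof."""
    rtype = resource.get("Type", "")
    props = resource.get("Properties", {})
    if rtype in MANAGED_TYPES:
        return "managed"
    if rtype in AUTOSCALING_TYPES:
        # A group allowed to shrink to a single instance can still be a single
        # point of failure while that instance is being replaced; flag it for
        # the designer to confirm the failover behaviour.
        if int(props.get("MinSize", 0)) < 2:
            return "autoscaling-check"
        return "autoscaling"
    if rtype in REDUNDANCY_OPTIONS:
        return "redundant" if _truthy(props.get(REDUNDANCY_OPTIONS[rtype])) else "spof"
    return "spof"


def screen(template: dict) -> dict:
    """Map every logical ID in the template to its classification."""
    return {name: classify(res) for name, res in template.get("Resources", {}).items()}


def single_points_of_failure(template: dict) -> list:
    """Logical IDs that need a redundancy decision from the designer."""
    return sorted(name for name, verdict in screen(template).items() if verdict == "spof")


# Constructed template: the load balancer / web servers / DB server / audit log
# chain walked in the guide, plus a reporting database with Multi-AZ left off.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LoadBalancer": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                     "Properties": {"Scheme": "internet-facing"}},
    "WebServers": {"Type": "AWS::AutoScaling::AutoScalingGroup",
                   "Properties": {"MinSize": "2", "MaxSize": "6"}},
    "DbServer": {"Type": "AWS::RDS::DBInstance",
                 "Properties": {"Engine": "postgres", "MultiAZ": true}},
    "ReportingDb": {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"Engine": "postgres", "MultiAZ": false}},
    "AuditLogProcessor": {"Type": "AWS::EC2::Instance",
                          "Properties": {"InstanceType": "t3.small"}}
  }
}
""")

if __name__ == "__main__":
    for name, verdict in screen(SAMPLE_TEMPLATE).items():
        print(f"{name:20s} {verdict}")
    print("single points of failure:", single_points_of_failure(SAMPLE_TEMPLATE))
```

On the sample the load balancer is accepted as managed, the web tier as autoscaling, and the primary database as redundant because `MultiAZ` is on; the reporting database (Multi-AZ off) and the single audit-log instance are the two resources the auditor must raise with the designer, matching the conclusion of the manual walk above. Any resource type not in the lists is deliberately reported as a single point of failure rather than silently accepted, which is the Default Safe stance applied to the classifier itself.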

Appendix


ForkMe! and Reindeer


ForkMe! is provided by Reindeer Technology PTE. LTD.
Reindeer wants to reach everyone by supporting the use of the cloud.
A society in which anyone can create services on their own brings freedom of expression and diversity of values. We also believe that it promotes the redistribution of wealth to all and brings equal wealth and well-being to people around the world.





Trademarks

*Amazon Web Services and other AWS trademarks are trademarks of Amazon.com, Inc. or its affiliates in the United States and other countries.
*Google and Google Cloud Platform (GCP) are registered trademarks or trademarks of Google LLC.
*Microsoft and Microsoft Azure are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.
*Terraform is a registered trademark of HashiCorp, Inc.
*All other product names mentioned herein may be trademarks or registered trademarks of their respective companies.