I’m involved in creating a web based business solution. The idea is that the customers will use it, get their business processes and information into one place and also receive added business value by inter-system communication. In short they will use it as a core tool in their daily work and will depend highly upon it.
One problem in need of a solution is how to get this web system secure enough to be an alternative which both we and the customers will find satisfactory. I am looking for good advice from others who have been or are in the same situation.
In our specific scenario we’re currently looking at using Java SE 6, Tomcat (as a Servlet container, needed as we will use Wicket), Hibernate (to interact with our database) and MySQL (as DBMS).
I think the problem and advice will be of interest for other technology users as well. As many of the issues are general ones regarding HDD failure, network accessibility and other things.
Feel free to give any advice you have! I still provide some questions and thoughts to get us going:
- The system needs to be reachable through the Internet. What should we think about when deciding on how to host it? (i.e. do we need our web host to have multiple physical paths connecting them to the Internet and similar questions.)
- Are there check lists for these kinds of things? Maybe ISO standards or some other way of seeing that we are on the right track by looking through an article/check list/academic paper/book?
- Later in the project we think it would be a good idea to get someone involved who has extensive experience in the field. In that case we’re not looking for a normal web developer. It is likely that more consulting firms will tell us they are capable of providing this expertise then there actually are. Any tips on how we will get in contact with the right people? (We’re based in Scandinavia, so it would be preferable to find someone there.)
- How high up time is good enough? 99.99% seems like a reasonable goal. But any downtime might result in loss of business for our customers.
- How do we guarantee that each customer only will be able to access its own data? As the system will be able to access it’s own database, it seems hard. A proper development process, involving lots of testing, is really all we have regarding user privileges.
- How do we deal with HDD failures? Is RAID 5 in combination with a daily incremental backup and a weekly full backup enough? Or would you go for RAID 6?
- If one server is enough to serve the clients. Would you still use a cluster? (I would think so.) And in that case, how many nodes would you have in the cluster?
- Which backup strategy would you use?
- Do you think hosting the system in a computer cloud is a good alternative? (i.e. as provided by Amazon, Google or others.)
- Would you use hard disk encryption? And if so, which kind? (One clarification: Yes it’s only good if someone steals the hard disk, but that’s still added security and may prevent (physical) intruders access to vital client business data.)
- Is providing the customer with a way to do their own backups as well a good alternative? These customers won’t be technically oriented. So in that case downloading the information in a ZIP archive containing Microsoft Office files might be a good way?
- How would you monitor the solution?
- Which of these things do you think we should do in house and which should be out sourced? We will develop the core system our self’s, of course.
- If you feel that the system is secure, as a technical person. How do you convince a non technical person that it’s safe and secure?
Thank you for your time! I hope you have some input to share. More questions might be added later.
I too make web apps in my personal time and job so I can understand why you ask the above questions. While at work none of the above issues are discussed, I pay a lot of attention to these things in my personal work. I can’t answer all your questions, but for the ones I can, I will say this:
How would you monitor the solution? I am developing an ASP.NET web app, and so I’m using performance monitors, logging, tracing (only for dev though), health monitoring, and a custom Sql Server performance monitoring system which I’m writing (although before this gets rolled out, I will use AppManager by AdventNet).
Which of these things do you think we should do in house and which should be out sourced? We will develop the core system our self's, of course.This is an excellent question as I have the same decision to make, all the time. I would outsource what doesn’t lie in my skillset (so if I need to do 3d work, outsource it). Also, stick to the strengths of your team, concentrate on business functionality as this is what will please/draw the users (I say this from a commercial point of view for a home-user facing web app), and outsource the critical internal systems like backup, monitoring, logging, etc (I haven’t outsourced this due to the cost/financial resources I have available, and I make stuff so I can learn – thus code it myself even though this is the long approach – but I enjoy it).
Are there check lists for these kinds of things? Maybe ISO standards or some other way of seeing that we are on the right track by looking through an article/check list/academic paper/book?You say you are using Java/MySQL/Hibernate, but Microsoft have some excellent guides on web application security and generally building scalable and secure applications (both web and windows based). Look at Microsoft Patterns and Practises.
Do you think hosting the system in a computer cloud is a good alternative? (i.e. as provided by Amazon, Google or others.)Yes. This is cheap, effective, and will take stress off your internal architecture (I’m thinking of how you can use CDNs and Amazon EC2 to store static files). I say static files, so you can store content which doesn’t change often, and which can be cached.
If you feel that the system is secure, as a technical person. How do you convince a non technical person that it's safe and secure?Ask them to cause a breach.
How do we guarantee that each customer only will be able to access its own data? As the system will be able to access it's own database, it seems hard. A proper development process, involving lots of testing, is really all we have regarding user privileges.I am not sure I understand what this question is asking, but you can use login systems, membership/roles (this is ASP.NET only though), and stored procedures to ensure that a user can only ever see his or her own data and not anyone elses.
I too would be interested in answers to the rest of the questions.