A Peek Into Sqayy’s Security Design
Security is a never-ending pursuit—there will always be bad guys with bad intentions and we have to continuously find a way to defend ourselves.
Moving Sqayy from a hosting server to Microsoft Azure cloud services was not an easy decision to make, but if we were given the chance to turn back time, we would still choose Azure.
Why not? We can take advantage of massive computing resources and access those resources from any computer, gadget, or cellphone. These perks, however, pale in comparison with what we gain in data security.
With Azure, you can definitely count on Microsoft to protect your data.
One fundamental thing that you should realize about a cloud service provider is that security and compliance are the core principles of its operations. Security is not an option for their business; IT IS their business. We moved to Azure because it practices this fundamental principle.
Allison Linn in her article ‘Securing The Cloud’ shared one perspective:
“It was only a few years ago when most of my customer conversations started with, ‘I can’t go to the cloud because of security. It’s not possible,’” said Julia White, Microsoft’s corporate vice president for Azure and security. “And now I have people, more often than not, saying, ‘I need to go to the cloud because of security.’”
Microsoft counts on 3500+ security engineers to combat over 1.5 million Azure hack attempts per day. They don’t just fend off those attacks; they also learn from them. With the high frequency of attacks it faces every day, Azure continues to get better at what it does.
While others try hard to secure their own servers against hacking attempts, we let Azure handle it for us. After all, it’s not really about us and our customers. It’s us against the world.
Below are the Azure security facts:
- Global Telemetry is used to analyze, recognize, and react to threats
- Threat Intelligence monitoring is continually looking for bad actors
- Statistical Profiling is used to build a historical deployment baseline
- Machine Learning (ML) leverages this baseline to detect anomalies in your subscriptions
- ML is used to recommend VM application whitelisting rules
- Behavioral Analytics is used to discover malicious attacks by applying known patterns to your baseline subscription data
In short, Azure uses AI as one of the components that keep your resources secure. With Azure’s security assurance, Sqayy’s capability to protect you from unwanted threats has increased.
Adding more to the system’s overall security, Sqayy also provides its own security mechanism as the last line of defense. This ‘backup plan’ proves how serious we are about making sure your data is always secure and reliable.
Daily data backup
Based on our decades of experience in the industry, it is crucial on our end to back up your data every day.
You never know when you might need the previous data, especially when you want to undo certain actions and correct your mistakes.
Two is better than one
Sqayy was built with that feature in mind, but what makes it more interesting is that we provide you with infinite lives. Yes, infinite.
To achieve that, each Sqayy account comes with two separate environments:
- A live environment that contains all of your real data
- A training environment, like a sandbox, where you can play around without affecting your real data
Let’s take a look at another example so you can get a better picture of what we are trying to say.
As a librarian at your institution, you need to manage a set of new arrivals ordered last month. Those books, however, are only allowed to be borrowed by the students. So, you updated those books as ‘Student Book’ in Sqayy.
However, the next day you received a lot of complaints from the final year students saying that they cannot borrow those books because they have been reserved.
Later on, you noticed that those books were actually reserved by the public patrons registered to your library through the online portal. You were confident that the book type had been set to ‘Student Book’. Then why were they made available to the public?
Surprisingly, you found that the books could be reserved by the public due to a misconfiguration in the patron profiling. What a mess!
You start to wish you could have checked the configuration or tested the configured rules before implementing them. Then this situation might not have happened in the first place.
But then, how are you going to confirm the configuration is working as expected if you’re not logged in as a public patron?
This is where the training environment comes in. Since nothing you do here affects your real data, you can simply register a new public patron for the sake of testing the configuration you set earlier.
It works like a playground for your real environment. Play around with your configuration to see how it works before applying it to your live environment.
Log as alibi
Therefore, it is crucial for Sqayy to capture and log every action taken by users from the moment they log in until they log out of Sqayy.
That information can act as an alibi for users to prove their innocence. To increase the log’s usefulness, Sqayy uses geolocation tracking technology, which traces the user’s location based on IP address.
But wait, have we mentioned that Sqayy also saves changed information into audit trail logs? Yes, every change, from the moment a record is created, through each modification, up to the moment you remove it from Sqayy.
Pretty cool, right?
CSRF and XSS protection
Another common type of web attack is Cross-site Scripting (XSS), which exploits the trust of websites that are vulnerable because they lack basic input validation or escaping.
These two attacks are different when it comes to damage, popularity, and ease of enacting. However, they can also work together and when that happens, the consequences are far more devastating.
Sqayy, however, is developed with protection against CSRF and XSS attacks. We consider all possible types of exploitation that these two attacks can cause. Any vulnerable points discovered from time to time will be eliminated right away to keep your data safe from unauthorized entities.
To summarise, security and threats have become a game of cat and mouse in recent years. Hackers will always take advantage of us should we let our guard down. We cannot defend ourselves alone, as threats are always evolving. Therefore, a great partner like Azure cloud services is no longer an option; it is a MUST.
As the saying goes, always prepare for the worst and hope for the best.