Tagged: architecture


Database encryption – is it worthwhile?

The Wall Street Journal recently reported that giant US-based health insurer Anthem had suffered a massive breach of its sensitive customer database. It is thought the entire contents of the database were successfully retrieved by the intruders, who had obtained a legitimate employee’s credentials. The Journal cited a source familiar with the breach, who said the sensitive database was not encrypted and that encryption would have made it more difficult for the intruders to obtain the information. This gives rise to an important security architecture question: when should you encrypt a database? What are the benefits? Would database encryption help? We have very few public details to work from, but in this case I believe database encryption would not have altered the outcome. The intruder had obtained a legitimate employee’s...


Is N-tier architecture still relevant in the public cloud?

Classic N-tier architecture has been with us for well over a decade. But does it still have a security role to play in public cloud deployments? First a recap. We’ll use a database-driven three-tier web application in our examples, as this will cover a large number of real-world scenarios. What is N-tier and how does it help? (pre-cloud) Pro tip: skip to the next heading if you don’t need an N-tier refresher. It was once common for all parts of an application to sit on the same server – the web server that gives code to the user’s browser (presentation), the application (business logic), and the database (data) were all together. It was cheap and easy to implement, but could not scale horizontally. Application boundaries could be unclear, and a...