How to comply with the requirements of 152-FZ, protect the personal data of your clients and not step on our rake  


According to Russian laws, any company that works with the personal data of its users in Russia becomes a personal data operator, whether it wants it or not. This imposes on it a number of formal and procedural obligations that not every business can or wants to bear on its own.

As practice shows, that reluctance is quite justified, because this area of knowledge is still so new and so little tested in practice that difficulties and questions arise even for professionals. Today we will talk about how we implemented a personal data storage project for our customer and what unobvious difficulties we encountered.

How we helped protect data under 152-FZ

At the beginning of 2019, we were contacted by Smart-Service LLC, the developer of the Hubex service-management platform and the myQRcards contact-sharing application.
 
The first solution allows you to automate the process of equipment maintenance in a variety of areas - from setting up coffee machines and air conditioners in office premises to repairing gas turbines. The second is an online designer for creating electronic business cards based on QR codes. 

Online business card myQRcards.

Both systems store and process user data that falls under the classification of “personal” in accordance with 152-FZ. In this case, the law dictates a number of restrictions on storage systems for such personal data in order to ensure the required level of security and eliminate the risk of unauthorized access for the purpose of theft or misuse.
 
The law must be observed, but Smart Service did not plan to develop within itself the competence to protect personal data. Therefore, the services and data shared by their users “moved” to Linxdatacenter. “Smart-Service” transferred the server capacity of the working environment to a separate protected network zone of our data center, certified in accordance with the requirements stated in 152-FZ - the so-called “Secure Cloud”.
 

How is a secure cloud designed?

Any information system processing personal data must meet three basic requirements: 

  • access to data storage and processing servers must go through a VPN channel with GOST-compliant encryption;
  • data storage and processing servers must be continuously covered by anti-virus protection and monitored for vulnerabilities;
  • the storage system must be located in isolated networks.

We place the customer’s server capacities in separate areas that meet the requirements of 152-FZ and help obtain a conclusion on compliance.

Architecture of secure virtual infrastructure for Smart Service LLC.

Course of work

The initial approval of the work was carried out in June 2019, which can be considered the start date of the project. All work must be done in a “live” environment with thousands of requests per day. Naturally, it was necessary to complete the project without interrupting the normal operation of both systems.

Therefore, a clear action plan was drawn up and agreed upon, divided into 4 stages:

  • preparation,
  • migration,
  • testing and trial operation in real conditions,
  • enabling monitoring systems and access restrictions.

To be on the safe side, we also included a Disaster Recovery Procedure (DRP). According to the initial plan, the work was not expected to take much time or many resources and was due to be completed in July 2019. Each stage ended with a full test of network availability and of the functionality of both systems.

The most difficult stage, the one where “something could go wrong”, was migration. Initially, we planned to carry out the migration by transferring entire virtual machines. This was the most logical option, since it did not require additional resources for reconfiguration. What could be simpler than vMotion?
  

Out of the blue

However, as usually happens on projects in a relatively new field, something unexpected happened.

Since each virtual machine occupies 500-1,000 GB, copying such volumes even within one data center took up to 3 hours per machine. As a result, we did not fit into the allotted time window. This was due to physical limitations of the disk subsystem when transferring data to vCloud.

A bug in the vCloud version used did not allow Storage vMotion to be organized for a virtual machine with different types of disks, so the disks had to be changed. As a result, it was possible to transfer the virtual machines, but it took longer than planned. 
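A pre-migration planning check, added here as an illustration and not part of Smart-Service's or Linxdatacenter's tooling, that models the two problems above: VMs with mixed disk types that must be converted before a Storage vMotion is attempted, and per-VM copy times that overrun the agreed window. The disk type labels, VM names, sizes and throughput are constructed; the "kind" attribute is an assumption, not a vCloud API field.

```python
"""Pre-migration planning check (added example, not the project's own code)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Disk:
    size_gb: float
    kind: str  # disk type label, e.g. "thin" / "thick"; an assumed attribute


@dataclass
class VM:
    name: str
    disks: List[Disk] = field(default_factory=list)


def has_mixed_disk_types(vm: VM) -> bool:
    """True when a VM carries more than one disk type (would block Storage vMotion)."""
    return len({d.kind for d in vm.disks}) > 1


def copy_hours(vm: VM, throughput_mb_s: float) -> float:
    """Estimated wall-clock hours to copy all of a VM's disks at a measured rate."""
    total_mb = sum(d.size_gb for d in vm.disks) * 1024
    return total_mb / throughput_mb_s / 3600


def plan_migration(vms: List[VM], throughput_mb_s: float, window_hours: float) -> Dict[str, object]:
    """Split VMs into: scheduled within the window, need disk conversion first, deferred."""
    plan = {"scheduled": [], "needs_conversion": [], "deferred": []}
    used = 0.0
    for vm in vms:
        if has_mixed_disk_types(vm):
            plan["needs_conversion"].append(vm.name)  # convert disks before attempting
            continue
        hours = copy_hours(vm, throughput_mb_s)
        if used + hours <= window_hours:
            plan["scheduled"].append(vm.name)
            used += hours
        else:
            plan["deferred"].append(vm.name)  # would overrun the agreed window
    plan["hours_used"] = round(used, 2)
    return plan


# Constructed inventory: two DB nodes and one app node, copied at ~100 MB/s
SAMPLE_VMS = [
    VM("db-node-1", [Disk(800, "thick")]),
    VM("db-node-2", [Disk(500, "thin"), Disk(300, "thick")]),
    VM("app-node-1", [Disk(1000, "thick")]),
]

if __name__ == "__main__":
    print(plan_migration(SAMPLE_VMS, throughput_mb_s=100, window_hours=4))
```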
 
The second point we had not anticipated was the restrictions on moving the database cluster (MS SQL Server Failover Cluster). As a result, the cluster had to be switched to single-node operation and left outside the protected zone.

Noteworthy: for a still unclear reason, as a result of the transfer of virtual machines, the application cluster fell apart and had to be reassembled.

As a result of the first attempt, we received an unsatisfactory state of the systems and were forced to start planning and developing options again.
 

Attempt #2

After working on the errors, the team realized that it would be more correct to duplicate the infrastructure in a protected area and copy only the data files. It was decided not to require additional payment from the customer for additional server capacity that had to be deployed to complete the migration.

As a result, when the clusters in the protected area were completely duplicated, the migration went without problems.

Next, it only remained to separate the networks of the protected and unprotected zones. There were a few minor disruptions here. The stage of testing the entire system in the protected zone, with the protection mechanisms still disabled, started in normal mode. Having collected positive statistics on the system’s operation in this mode, we moved on to the last stage: launching the protection systems and restricting access.
 

Effective outcome and useful lesson

 
As a result, through joint efforts with the customer, we made significant changes to the existing server infrastructure, which increased the reliability and security of personal data storage, significantly reduced the risk of unauthorized access, and yielded a certificate of compliance with the storage requirements: something not every developer of similar software has achieved yet.
 
The bottom line is that the work package for the project looked like this:
 

  1. A dedicated subnet has been organized;
  2. In total, two clusters were migrated, consisting of five virtual machines: Failover database cluster (two virtual machines), Service Fabric application cluster (three virtual machines);
  3. Data protection and encryption systems have been configured.

Everything seems clear and logical. In practice, everything turns out to be a little more complicated. We were once again convinced that when working with each individual task of such a plan, the highest level of attention to the “little things” is required, which in fact turn out to be not small things, but the determining factors for the success of the entire project. 

Source: habr.com
