Development in the cloud, information security and personal data: a digest for reading on the weekend from 1cloud

These are materials from our corporate and hubblog about working with personal data, protecting IT systems and cloud development. In this digest you will find posts with analysis of terms, basic approaches and technologies, as well as materials about IT standards.

/Unsplash/ Zan Ilic

Working with personal data, standards and basics of information security

• What is the essence of the law on personal data (PD). Introductory material on legislative acts regulating the work with PD. We tell you who the Federal Law No. 152 applies to and does not apply to, and what should be understood as consent to the processing of PD. And we give a scheme of actions to comply with the requirements of the Federal Law, and we also touch on security issues and means of protection.

• Personal data: means of protection. We analyze the requirements for protecting personal data, types of threats and security levels. In addition, we provide a list of legislative acts on the topic and a basic list of measures to ensure the security of PD.

• PD and the public cloud. The third part of our cycle of materials on personal data. This time we are talking about the public cloud: we consider the issues of protecting the OS, communication channels, virtual environment, and also talk about the distribution of responsibility for data security between the owner of the virtual server and the IaaS provider.

• Are Cookie Banners Necessary in the Age of GDPR: Discussing the Situation and Legal Requirements. Cookie banners are not liked by either users or owners of Internet resources. We find out what regulation actually requires, and talk about ways to get around the problem using the DNT framework and browser extensions.

• European regulators oppose cookie banners. An overview of the situation with the notification of users about the installation of cookies. We will talk about why government agencies in a number of European countries say that the use of banners is contrary to the GDPR and violates the rights of citizens. We are considering the issue from the perspective of relevant ministries, site owners, advertising companies and users. This habrapost has already gained more than 400 comments and is preparing to pass the mark of 25 thousand views.

/Unsplash/ Alvaro Reyes

• What you need to know about digital signature. Acquaintance with the topic for those who would like to understand what digital signatures are and know how the system of their certification works. We also briefly consider certification issues and figure out on what media keys can be stored and whether it is worth buying specialized software.

• IETF approves ACME, the standard for working with SSL certificates. We are talking about how the new standard will help automate the receipt and configuration of SSL certificates. And as a result - to increase the reliability and security of domain name verification. We present the mechanism of ACME operation, the opinions of industry representatives and the features of similar solutions - the SCEP and EST protocols.

• The WebAuthn standard is officially complete. This is the new standard for passwordless authentication. Talking about how it works WebAuthn (diagram below), as well as about the advantages, disadvantages and obstacles to the implementation of the standard.

• How cloud backup works. Basic information for those who would like to understand how many copies it costs to make, where to place them, how often to update and how to set up a simple backup system in a virtual environment.

• How to secure a virtual server. An introductory post about basic defenses against the most common types of attacks. We give basic recommendations: from two-factor authentication to monitoring with implementation examples in the 1cloud cloud.

Development in the cloud

• DevOps in the cloud service: our experience. We tell how the development of the 1cloud cloud platform was built. First - about how we started on the basis of the traditional cycle "development - testing - debugging". Next - about the DevOps practices that we use now. The material covers the topics of making changes, building, testing, debugging, deploying software solutions and using DevOps tools.

• How the Continuous Integration process works. Habrapost about CI and specialized tools. We tell what is meant by continuous integration, introduce the history of the approach and its principles. Separately, we talk about things that can interfere with the implementation of CI in a company, and we present a number of popular frameworks.

• Training stand for admins: how the cloud can help. In this article, we discuss what skills system administrators can “pump” in the cloud: from setting up OS and networks to test mock-ups of real projects and application migration.

• Why does a programmer need a workplace in the cloud. Back in 2016, TechCrunch said that local software development is gradually “dying”. It was replaced by remote work, and the jobs of programmers went to the cloud. In our general overview of this topic, we discuss how to organize a workspace for a development team and deploy new software in a virtual environment.

• How Developers Use Containers. We tell you what happens to applications inside containers, and how to manage it all. We will also talk about application programming and working with highly loaded systems.

/Unsplash/ Louis Villasmil

• Participation in open source projects can be beneficial for companies. We share our thoughts on how to benefit from an open approach. We discuss research and opinions.

Our other selections:

• About technologies, SSL certificates and the work of an IaaS provider
• About working with the cloud and organizing IT infrastructure
• About virtual infrastructure, information security and trends in the IaaS market

Source: habr.com