Build your next app on Blockchain inspired technology
Reviewing: AWS service Amazon Quantum Ledger Database (QLDB)
How secure are your apps? Spoiler — not very.
Having a security-oriented development pipeline will go a long way in securing your online applications. The unfortunate reality, however, is that your system probably still has undiscovered security holes. No amount of pen testing or security code reviews will uncover 100% of them, and it would be naive to think otherwise.
So given that our systems and processes are fallible, what can we do to protect the integrity of the data in the case of a breach?
Protect your data integrity
I suggest building your systems, or parts of your systems, on immutable databases, and outsourcing the management and security model of the databases to trusted cloud services. Erroneous record changes can then be identified and reversed, and integrity recovered.
Welcome to Amazon Quantum Ledger Database (QLDB)
QLDB will store a complete record of your history — period
Amazon offering a service for a journal database is a big deal. Incorporating it into your solutions where data integrity matters reduces your risk and will help you sleep.
Ask yourself, what would happen if someone changed or deleted some of your data? Can anyone gain or lose something of value if the data integrity is compromised? For example: What is the impact if an intruder wipes out your entire customer email records?
You may be doing backups, but how many important transactions have occurred since the last backup? How long do you keep backups, and how realistic is it that you can recover from backups after damage caused by a long-running security breach or software bug?
The journal system ensures nothing is mutated, a full history and audit is available, and this complexity is provided to you by the service; there is no need to build a substandard system yourself. This will pay off big time when you need to trace back through time to understand an error in your dataset. The database is audited and timestamped, and that process is not managed by your application code, which is also subject to bugs and attacks.
This protects you not only against intruders but also against software bugs.
Think of a migration that has an unforeseen side effect of deleting some business-critical data. The error can be identified, and reversing transactions added to the dataset to restore integrity.
It’s cryptographically verifiable — so basically blockchain. Want your startup value to go 10x? Put blockchain on the tin.
The database should also be reasonably familiar to your developers. It is fully ACID, multi-AZ (highly available and durable) and serverless (scales to your needs, with no infrastructure to maintain), and it supports joins and indexes (although not composite indexes yet). It has an SQL-like API as well as a document-oriented Ion API.
With QLDB, your ledger is still only as safe as your AWS environment. Ensure your AWS security policies are watertight. If your AWS environment is compromised, your append-only database could potentially be replaced with another version of it (public blockchain to the rescue).
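A simplified model of the journal idea and of the replacement risk described above, added here as an illustration; it is not QLDB's implementation or API. The class and function names are hypothetical and the records are constructed sample data. It shows why a digest kept outside the AWS account is what catches a wholesale ledger swap.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the hash chain

def entry_hash(prev_hash, record):
    """Each entry's hash commits to the previous hash and to its own content."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

class Journal:
    """Toy append-only journal (hypothetical; not the QLDB data model)."""
    def __init__(self, records=()):
        self.entries = []  # list of (record, hash)
        for r in records:
            self.append(r)

    def append(self, record):
        prev = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((record, entry_hash(prev, record)))

    def digest(self):
        return self.entries[-1][1] if self.entries else GENESIS

def check(journal, anchored_digest):
    """Return 'ok', 'tampered-entry' or 'replaced-ledger'."""
    prev = GENESIS
    for record, h in journal.entries:
        if entry_hash(prev, record) != h:
            return "tampered-entry"      # an entry was edited in place
        prev = h
    # The chain is self-consistent, but is it the chain we anchored earlier?
    if anchored_digest not in {h for _, h in journal.entries}:
        return "replaced-ledger"         # rebuilt or truncated history
    return "ok"

# Constructed sample history: insert, faulty delete, reversing entry.
RECORDS = [
    {"op": "insert", "id": 1, "email": "a@example.com"},
    {"op": "delete", "id": 1},
    {"op": "insert", "id": 1, "email": "a@example.com"},
]
ANCHOR = Journal(RECORDS).digest()  # assumed to be stored outside the AWS account

grown = Journal(RECORDS + [{"op": "insert", "id": 2, "email": "b@example.com"}])
edited = Journal(RECORDS)
edited.entries[0] = ({"op": "insert", "id": 1, "email": "changed@example.com"},
                     edited.entries[0][1])
replaced = Journal(RECORDS[:1])     # a different, internally valid history
```

`check(grown, ANCHOR)` passes because the anchored digest is still part of the history, while `replaced` passes the internal chain check and is caught only by the external anchor.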
As with any cloud service, you need to think about your development and testing pipelines. You want to keep these as efficient as possible so you don’t compromise project productivity.
Contact us to see what other cloud services you might be able to leverage in your solutions or how to have performant development processes in a cloud service environment.