Development in the cloud, information security and personal data: digest for reading on weekends from 1cloud

These are materials from our corporate and habrablog about working with personal data, protecting IT systems and cloud development. In this digest you will find posts with analysis of terms, basic approaches and technologies, as well as materials about IT standards. / Unsplash / Zan Ilic

Work with personal data, standards and fundamentals of information security

• What is the essence of the law on personal data (PD) . Introductory material on legislative acts governing work with PD. We tell who concerns and does not apply to Federal Law No. 152, and what needs to be understood by consent to the processing of PD. And we give a scheme of actions to comply with the requirements of the Federal Law, and yet we touch upon security and protective equipment.

• Personal data: means of protection . We analyze the requirements for PD protection, types of threats and security levels. In addition, we provide a list of legislative acts on the topic and a basic list of measures to ensure the safety of PD.

• PD and public cloud . The third part of our personal data material cycle. This time we are talking about the public cloud: we are considering the issues of protecting the OS, communication channels, virtual environment, and also talk about the distribution of responsibility for data security between the owner of the virtual server and the IaaS provider.

• Do we need cookies in the era of GDPR: we discuss the situation and the requirements of the law . Cookies do not like either users or owners of Internet resources. We find out what regulation actually requires, and talk about ways to work around the problem using the DNT framework and browser extensions.

• European regulators oppose cookie banners . Overview of the situation with notifying users about the installation of cookies. It will be about why government agencies in several European countries say that the use of banners is contrary to the GDPR and violates the rights of citizens. We consider the issue from the perspective of specialized ministries, website owners, advertising companies and users. This habrapost has already collected more than 400 comments and is preparing to go over the mark of 25 thousand views.

/ Unsplash / Alvaro Reyes

• What you need to know about digital signature . Acquaintance with the topic for those who would like to understand what digital signatures are and to know how their identification system works. We also briefly review certification issues and understand on which media keys can be stored and whether it is worth buying specialized software.

• IETF Approved ACME - This is the standard for working with SSL certificates . We are talking about how the new standard will help automate the receipt and configuration of SSL certificates. And as a result, to increase the reliability and security of domain name verification. We present the mechanism of ACME, the opinions of industry representatives and the features of similar solutions - SCEP and EST protocols.

• The WebAuthn standard is officially completed . This is the new passwordless authentication standard. We talk about how it works WebAuthn ( diagram below ), as well as the advantages, disadvantages and obstacles to the implementation of the standard.

• How cloud backup works . Basic information for those who would like to figure out how many copies it costs to make, where to place them, how often to update, and how to set up a simple backup system in a virtual environment.

• How to protect a virtual server . Introductory post on basic defense against the most common attack options. We give basic recommendations: from two-factor authentication to monitoring with examples of implementation in the 1cloud cloud.

Cloud Development

• DevOps in the cloud: our experience . We describe how the development of the 1cloud cloud platform was built. First, about how we started on the basis of the traditional cycle “development - testing - debugging”. Next is the DevOps practices that we apply now. The material covers the topics of changes, assembly, testing, debugging, deployment of software solutions and the use of DevOps tools.

• How the Continuous Integration process works . Habrapost about CI and specialized tools. We tell what is meant by continuous integration, we are familiar with the history of the approach and its principles. Separately, we talk about things that can interfere with the implementation of CI in the company, and we present a number of popular frameworks.

• Training stand for admins: how the cloud will help . In this article, we discuss what skills system administrators can “pump” in the cloud: from setting up the OS and networks to test layouts of real projects and application migration.

• Why does a programmer need a workplace in the cloud . Back in 2016, TechCrunch said that local software development is gradually dying. It was replaced by remote work, and the jobs of programmers went into the cloud. In our overview of this topic, we discuss how to organize a workspace for a development team and deploy new software in a virtual environment.

• How developers use containers . We tell you what happens with the applications inside the containers, and how to manage it all. We will also talk about application programming and working with highly loaded systems.

/ Unsplash / Luis Villasmil

• Participation in open source projects can be beneficial for companies . We share our thoughts on how to benefit from an open approach. We discuss research and opinions.

---

Our other collections:

• About technologies, SSL certificates and the work of IaaS provider
• About working with the cloud and organizing IT infrastructure
• About virtual infrastructure, information security and IaaS market trends