Overcoming Open Source Vulnerabilities and Compliance Challenges

June 03 2019

It’s one thing to create a platform to support software development. But it requires special expertise to build out one that specifically employs AWS best practices and meets rigorous compliance requirements.

The challenge is further intensified when the software development process relies on open source libraries to accelerate time-to-market. With open source libraries come open source vulnerabilities.

The Assignment

When a life sciences organization requested ClearScale’s assistance in creating infrastructure for a new software project, the ClearScale team knew a multi-faceted approach would be required. In addition to being built to AWS best practice standards, the infrastructure the client wanted had to comply with HIPAA regulations and standards. Security processes and technologies would be essential for meeting the compliance requirements, as well as for mitigating potential vulnerabilities arising from the open source libraries. The solution also needed to encompass continuous integration and continuous deployments.

The ClearScale Solution

As an AWS Premier Consulting Partner, ClearScale drew upon its AWS expertise to select the appropriate services to meet the client’s needs and for cost effectiveness and efficiencies. The solution also incorporates various open source components, further reducing overall costs and helping to speed up the software development process.

At the application tier, key services include Amazon Elastic Container Service (Amazon ECS), a highly scalable, fast container management service which makes it easy to run, stop, and manage Docker containers running on AWS infrastructure.

Amazon Fargate, a compute engine for Amazon ECS, enables running containers without having to manage servers or clusters. This allows for focusing on designing and building applications instead of managing the infrastructure that runs them.

At the database tier, Amazon Relational Database Service (Amazon RDS) provides cost-efficient, resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, and backups. It’s used with the MySQL engine, an open source relational database management system (RDBMS).

At the storage tier, S3 buckets store AngularJS site content, private repositories, ALB access logs, and AWS Config trail logs.

Among the many other services is AWS CloudFormation, with CloudFormation stacks configured to allow for deploying multiple applications in the same VPC and subnets. Amazon CloudWatch serves as a monitoring service for the AWS cloud resources and applications. AWS Key Management Service (KMS) provides an easy way to create and control the encryption keys used for data encryption. It’s integrated with other AWS services to help protect the data stored with them. AWS CloudTrail provides logs of all AWS usage to help meet regulatory and compliance needs.

[Figure: Architecture Diagram]

The Snyk Component

To address the issue of vulnerabilities arising from the open source libraries, ClearScale selected Snyk, a security platform for open source dependencies. The commercial service focuses on JavaScript library dependencies. This helps ensure that the third-party libraries in the client’s software are secure.

In the ClearScale solution, Snyk scans the software every time it’s committed to the GitHub repository. It also allows for scanning Docker containers during the build process.

All code and software is scanned against Snyk’s vulnerability database, which gets its data from the National Institute of Standards and Technology National Vulnerability Database (NIST NVD) and the Node Security Project (NSP). Notifications of any issues are sent in near-real time. This gives the client a full report so it can make immediate fixes to meet and maintain compliance requirements.

Results

Thanks to the comprehensive solution developed by ClearScale, the client now has a robust, reliable infrastructure to support software development. Mechanisms are in place to mitigate vulnerabilities arising from the open source libraries the company uses in its software development process. Cost-effective and efficient, the solution also helps the client to meet a variety of compliance requirements — and maintain compliance — without interrupting or delaying any aspect of its software development process.

What Can We Do for You?

Whether you need specially designed infrastructure or assistance in migrating to the cloud, ClearScale can help. Tell us what your challenges and needs are. We can devise a solution to meet them.

Get in touch today to speak with a Cloud expert and discuss how we can help:

Call us at 1-800-591-0442
Send us an email: sales@clearscale.net