NCSC cloud anti-pattern #4: Don’t build an ‘on-prem’ solution in the cloud – Fedr8

Lifting-and-shifting (rehosting) is perceived as the easiest, Occam’s Razor method of migrating applications from on-premises to the cloud. Rehosting is the de facto standard method for large-scale migrations where time is of the essence. “Let’s get it done and finesse it later,” goes the refrain.

As long as you configure the cloud to be similar to on-premises then your application is compatible and requires no changes. Vendors will promise, “Just make the cloud look similar to on-premises then you can drag-and-drop your application from one to the other.” Painless, right? Not according to the National Cyber Security Centre (NCSC).

In their 2019 whitepaper, “Security architecture anti-patterns”, NCSC recommend *not* treating the cloud the same as on-premises. Like all good security recommendations, this is based on common sense.

It is a fact that when you lift-and-shift (rehost) your application to the cloud, you will also:

  • Lift-and-shift the issues you had on-premises into the cloud.
  • Fail to exploit the advantages of the cloud.

It’s possible to understand some of your exposure to this anti-pattern. You can use discovery tools to map your on-premises infrastructure and applications, infer how you might refactor and replatform for the cloud, and build migration plans that do not include security anti-patterns.

You need two perspectives to discover the anti-pattern

Infrastructure-centric tools only tell you the bottom half of any application story because the application is an opaque entity to infrastructure tools.

Bottom-up infrastructure reports might only list the server name and its address on the network. Or, like the AWS Server Migration Service agent, they might list the processes and network ports inside the server.

This is the “edge” of the application, where it touches the infrastructure; it is not inside the application. Infrastructure tools can discover that “MySQL” is running on “port 3306”, and they might even tell you that a Java application is running on the server (because a JVM process is running), but they can’t tell you what that Java application is doing:

  • Which database is it using, and how?
  • Is the application logging to local disk?
  • Is the application using on-server session management?
  • Is the application sending emails to an on-premises server?
  • Are there hard-coded IPs for on-premises resources?

This is where the application-centric Fedr8 Green Rain engine complements infrastructure tools and completes the picture by analysing the application code to answer these questions and more.
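The questions in the list above can be approximated with simple static checks over source and configuration files. The following is an added example, not part of the original article and not how Green Rain works; the rule patterns, the `scan` function and the sample files are constructed for illustration, and the IP check reports only private-range addresses.

```python
import ipaddress
import re

# Heuristic patterns (assumptions for this example), one per question in the list.
RULES = {
    "database": re.compile(r"jdbc:\w+://[^\s\"'/:]+"),
    "local-disk-logging": re.compile(r"FileAppender|FileHandler\(|new FileWriter\("),
    "on-server-session": re.compile(r"\bHttpSession\b|getSession\("),
    "smtp-host": re.compile(r"mail\.smtp\.host"),
}
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def scan(files):
    """Return sorted (path, line_no, finding, detail) tuples for a {path: text} dict."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for name, rx in RULES.items():
                m = rx.search(line)
                if m:
                    findings.append((path, no, name, m.group(0)))
            for cand in IPV4.findall(line):
                try:
                    ip = ipaddress.ip_address(cand)
                except ValueError:
                    continue  # dotted number that is not a valid address
                # Only private ranges are reported: they point at on-premises
                # resources, and this skips many dotted version strings.
                if ip.is_private:
                    findings.append((path, no, "hard-coded-private-ip", cand))
    return sorted(findings)


# Constructed sample input, not taken from any real application.
SAMPLE = {
    "src/OrderService.java": 'String url = "jdbc:mysql://10.20.0.15:3306/orders";\n'
                             "HttpSession session = request.getSession();\n",
    "src/Mailer.java": 'props.put("mail.smtp.host", "192.168.4.25");\n',
    "conf/log4j.properties": "log4j.appender.A=org.apache.log4j.FileAppender\n"
                             "log4j.appender.A.File=/var/log/app/orders.log\n",
    "pom.xml": "<version>2.17.1.0</version>\n",
}

if __name__ == "__main__":
    for path, no, name, detail in scan(SAMPLE):
        print(f"{path}:{no}: {name}: {detail}")
```

Each finding carries a file and line number, which is the level of detail needed to turn a dependency into a work package.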

Replatform and refactor to fix anti-pattern #4

Each of these technical dependencies is an opportunity to implement the recommendations from the NCSC white paper to “use higher-order functions in the cloud”.

Cloud consultants use the Green Rain technical report in the early assessment phase to define work packages. For example, if a hard-coded IP is found, the work can involve understanding what that remote service is and if it’s critical or can be disregarded. Application owners also benefit because Green Rain reveals technical dependencies at the line-of-code level from inside the application.

In effect, Green Rain creates a joint perspective between infrastructure and application owners. This is missing from many cloud migration projects.

Green Rain is also used post-migration to analyze the code of already-migrated applications. By discovering whether those applications are exposed to NCSC anti-pattern #4, it’s possible to uncover more opportunities to optimize the application for the cloud.

Application refactoring and replatforming is not just about fixing and mitigating security risks. Adapting your application to exploit the cloud can return significant benefits. Comic Relief reduced their cloud spend from £83k per month to £5k per month.

Getting started with Green Rain

Contact Green Rain and we can help you analyze your application whether it’s on-premises today or already in the cloud. You’ll get access to an experienced cloud and application migration consultant who can guide you through the two-step process:

  1. Analyze your application with Green Rain
  2. Use the Technical Report to build your own migration or remediation plan

More resources

Learn more about how Fedr8 Green Rain can help you.
