Aaron Mulgrew by Aaron Mulgrew | | Blog

With so many organisations looking to implement web portals in the cloud or migrate their storage to the cloud, Deep Secure Lead Researcher Aaron Mulgrew looks at how “going serverless” can help you deploy security controls that combat document malware at scale and simultaneously reduce costs.

One of the many questions I am often asked is ‘how do you scale’ and ‘how many people will I need to employ to maintain your software’? The answer to the first question is near limitless. The answer to the second question is not a single person. I’ll explain.

Content Threat Removal as a Service

Deep Secure Content Threat Removal is a security technology that transforms documents rendering them free of document malware and making them 100% safe. It is designed around a Zero Trust Security Model meaning it doesn’t try and detect the presence of malware it treats all documents as dangerous and transforms them all.

Content Threat Removal as a Service (CTRaaS) is a developer platform that combines Deep Secure's document transformation technology with a range of APIs. The service allows developers to integrate content transformation into their applications and content workflows – using a cloud-based subscription model.

Scalability

CTRaaS has been designed and implemented in AWS Lambda, an event driven serverless framework (using the near-infinite scalability of Amazon Web Services servers) that is intended as a simple way for application developers and operations to deal with large differences in loads on the infrastructure.

For the developer being able to call on security controls that are built on Lambda serverless computing means never having to worry that security will be an inhibitor. It will always scale to meet demand.

Here for example is a schematic showing one document being sent to CTRaaS.

 

In this scenario, one document is being sent to Deep Secure at a time. CTRaas scales to a factor of one to support the transaction.

Now in the next schematic you can see four documents being sent to CTRaaS at the same time.

 

In this scenario, four documents have been sent to Deep Secure all at the same time and CTRaas scales to four functions to support the transaction.

No Residual Risk

AWS Lambda is on shared resources, meaning that at any time, the temporary environment you are given to execute your code may be different to the previous environment. This has an added security advantage as the environment is unlikely to be the same each time. Contrast this with using a machine image in the cloud to enforce security controls. With the machine image you have the associated risk that if malware in a document succeeds in compromising the machine, it remains compromised thereafter. With the serverless approach, a security control is used to perform a limited function – say transforming a document – with a minimal attack surface, fractional traffic exposure and limited lifetime, substantially reducing risk.

Rapid Deployment

Another important benefit of the serverless approach is that it makes it easier for developers to build applications quickly. Using a set of simple APIs, the developer can rapidly integrate Deep Secure transformation security controls directly into their applications. The APIs supplied as part of CTRaaS enable simple uploads of a document for transformation, batch or event-driven processing as well as the ability to upload into one S3 bucket and download into another.

With the serverless approach it is possible to replace the complex, time exhaustive process of integrating multiple security technologies into an application with just a couple of simple HTTP requests. This makes it easier for both the developer who can build the application much faster, and the application tester who can concentrate on testing the application rather than spending their time building the environment.

Reduced Costs

By Leveraging AWS 99.95% reliability levels, CTRaaS is always available to transform documents and render them free of document malware. That means no prolonged and costly outages for upgrades to security products. It also means that the onus for any patching that has to be done to the infrastructure is put squarely on the shoulders of the service provider leaving the developers free to focus on their application. In short, there are no administrative costs associated with CTRaaS.

There are many benefits to going serverless when it comes to designing security controls into your applications and workflows. For more exhaustive information, why not grab a FREE Trial of Deep Secure Content Threat Removal as a Service or attend the 3 Steps to a Clean Cloud webinar running on 25th September 2019.

- # -

Aaron Mulgrew is Lead Researcher and Pre-Sales Consultant at Deep Secure.

 


View all posts

Are you ready to talk to Deep Secure?