Today we continue discussing the best practice from storage engineering:
55) Https Encryption not only helps secure data at rest but also secured data in transit. However, it comes with the onus of key and certificate management. Https by default is not just a mandate over internet but also a requirement even between departments in the same organization.
56) KeyManagement: We have emphasized that keys are needed for encryption purposes. This calls for keys to be kept secure. With the help of standardized key management interfaces, we can use external keySecure managers. Keys should be rotated every now and then.
57) API security: it is almost undeniable to have APIs with any storage service. Every request made over the web must be secured. While there are many authentication protocols including OAuth, each request will be sufficiently secured if it has an authorization and a digital signature. ApiKeys are not always required.
58) Integration with authentication provider: File System protocol has been integrated with Active Directory. This enables organization to take advantage of authorizing domain users. Identity and Access management for cloud services can also be referred.
59) Auditing: Audit serves to detect unwanted access and maintain compliance with regulatory agencies. Most storage services enable auditing by each and every component in the control path. This is very much like the logging for components. In addition, the application exposes a way to retrieve the audits.
60) Offloading: Every bookkeeping, auxiliary and routine activity that takes up system resources could be candidate for hardware offloading so long as it does not have significant conditional logic and is fairly isolated. This improved performance in the data path especially when the activities can be consolidated globally.
#codingexercise
int GetNodeWithHeavierRightLeaves(Node root, ref List<Node> result)
{
if (root == null) return 0;
if (root.left == null && root.right == null) return 1;
int left = GetNodeWithHeavierRightLeaves(root.left, ref result);
int right = GetNodeWithHeavierRightLeaves(root.right, ref result);
if (right > left+2)
{
result.Add(root);
}
return left + right;
55) Https Encryption not only helps secure data at rest but also secured data in transit. However, it comes with the onus of key and certificate management. Https by default is not just a mandate over internet but also a requirement even between departments in the same organization.
56) KeyManagement: We have emphasized that keys are needed for encryption purposes. This calls for keys to be kept secure. With the help of standardized key management interfaces, we can use external keySecure managers. Keys should be rotated every now and then.
57) API security: it is almost undeniable to have APIs with any storage service. Every request made over the web must be secured. While there are many authentication protocols including OAuth, each request will be sufficiently secured if it has an authorization and a digital signature. ApiKeys are not always required.
58) Integration with authentication provider: File System protocol has been integrated with Active Directory. This enables organization to take advantage of authorizing domain users. Identity and Access management for cloud services can also be referred.
59) Auditing: Audit serves to detect unwanted access and maintain compliance with regulatory agencies. Most storage services enable auditing by each and every component in the control path. This is very much like the logging for components. In addition, the application exposes a way to retrieve the audits.
60) Offloading: Every bookkeeping, auxiliary and routine activity that takes up system resources could be candidate for hardware offloading so long as it does not have significant conditional logic and is fairly isolated. This improved performance in the data path especially when the activities can be consolidated globally.
#codingexercise
int GetNodeWithHeavierRightLeaves(Node root, ref List<Node> result)
{
if (root == null) return 0;
if (root.left == null && root.right == null) return 1;
int left = GetNodeWithHeavierRightLeaves(root.left, ref result);
int right = GetNodeWithHeavierRightLeaves(root.right, ref result);
if (right > left+2)
{
result.Add(root);
}
return left + right;
}
No comments:
Post a Comment