In the software as a service ecosystem, customers are represented by two separate yet equally important groups: the developers who create the service, and the operations team that manages it. These are their stories. DUN DUN
Actually, this is just the story of the operations team. Not every enhancement requires a code change, after all. And our operations team has been hard at work making Ready Room more secure, reliable, and performant. In particular, over the last few months, they have:
Enabled Cloudflare
This is huge! All traffic in and out of Ready Room is now routed through Cloudflare's Web Application Firewall (WAF). This provides us with DDoS protection at the SSL layer and lower down in the network stack. It also offers a worldwide content delivery network for enhanced performance, and protection against well-known Internet attacks, such as Heartbleed and Shellshock. In the near future, we will enable upstream OWASP mitigation and rapid protection against zero-day attacks.
Enabled a High Availability Database
We have enabled a second, high-availability (HA) instance of the Postgres relational database to act as a hot standby. Now, every database write is sent simultaneously to each database instance, while reads are sent only to the primary. Should the primary fail, Ready Room will immediately and seamlessly fail over to the secondary, thus minimizing downtime and reducing the risk of data loss.
Enabled a Dedicated Ingress Point
Back in July, Ready Room was collateral damage in a DDoS attack against another company that shared our router/load-balancer, knocking us off the air for several minutes. We have taken a couple of steps to keep that from happening again. One is enabling Cloudflare, as discussed above. The other is to set up a dedicated ingress point that is not shared with any other firm.
A dedicated ingress point will lower latency and increase reliability by keeping Ready Room traffic isolated from others. It also offers Ready Room a dedicated IP address, which we plan to leverage in the future for additional security and performance enhancements.
Upgraded to Ubuntu 24
When it comes to security, it's critical to keep an application's underlying dependencies current. Doing so protects against attacks that may target old, unpatched software. Ubuntu, a popular Linux variant, is our operating system of choice, and it has a "stable" release every two years. The latest long-term release from Ubuntu was released in May 2024. Accordingly, we have recently upgraded our operational OS from Ubuntu 22 to Ubuntu 24. Note that we use a server-oriented buildpack, which minimizes the number of pre-installed packages, further limiting the surface area for an attack.
All of this information and more can be found in our Ready Room Security document available on our website.