In the last 12 months, 80% of organizations would have reported a cloud-related security incident, with a startling 72% increase in cloud infrastructure incidents overall. However, only 24% of these breaches are due to unpatched common vulnerabilities and exposures (CVEs). This highlights that the real cybersecurity challenges today stem more from poor architectural design choices, implementation strategies, and security postures than from known vulnerabilities.

Having spent a decade of my career from helping build a new search startup to starting up search at the biggest cloud provider, I’ve witnessed numerous Large Scale Events (LSEs), such as Log4j/Log4shell, and often fear future disasters resulting from other terrible implementation decisions that result in less security in exchange for faster time to revenue. It’s surprising these statistics aren’t higher. The Affect Heuristic, the same cognitive bias that led to several catastrophic failures during the early days of the space race in the 1960s, is often at play in the major cloud organizations, leading to numerous rushed and flawed decisions that thankfully don’t always result in billion-dollar rocket explosions but nevertheless pose significant risks.

This blog post is the second in a series of two posts that touch on the topic of programming language safety, what it means for software security with the government’s need for heightened cybersecurity measures, and how Lucenia prioritizes “security by default” in its cloud native microlithic architecture design.

The Importance of “Security by Default”

As organizations strive to protect their data and systems from becoming part of these alarming statistics, the architecture and design choices of the service providers become more crucial than ever. From selecting programming languages to defining infrastructure communication patterns, these decisions are key to building secure and efficient services and applications all organizations have come to depend on.

At Lucenia, we recognize that a one-size-fits-all approach is inadequate for the multifaceted nature of modern cybersecurity. We champion a microlithic architecture design over the monolithic implementations favored by other search companies. With Lucenia’s “do more with less” search offering, we harness the strengths of multiple programming languages and cloud native distributed design patterns, ensuring the right tool is used for each task. This “security by default” and “secure by design” strategy not only boosts performance but also strengthens system protection, providing a robust defense against the rising tide of sophisticated cyber threats. By avoiding the pitfalls of rushed decisions that are difficult to back out of monolithic implementations, and leveraging the best available technologies, Lucenia is leading the way in embedding resilience and security into the DNA of its products and service offerings.

Advancements in Memory-Safe Programming

Advancements in programming languages and cloud native design have led to the emergence of engineering tools aimed at enhancing memory safety. Projects like Java’s Project Panama, for example, facilitate more secure integration between Java and native libraries, mitigating the risks associated with directly calling native code from Java applications. Available in the JDK 22 production release, and in preview going back to JDK 19, Project Panama’s Foreign Memory API aims to achieve safer native calls over the original Java Native Interface prior to JDK 19:

1. Type Safety: Introducing type-safe bindings ensures that Java code interacts with native code in a type-safe manner, reducing the risk of memory corruption and type-related errors.
2. Memory Management: Providing improved memory management mechanisms, such as automatic memory allocation and deallocation, helps prevent common memory-related bugs like buffer overflows and memory leaks.
3. Exception Handling: Enabling better integration of exception handling between Java and native code makes it easier to gracefully handle errors.
4. Encapsulation: Promoting encapsulation of native code within Java APIs reduces direct exposure to potentially unsafe native code interfaces.
5. Interoperability: Facilitating better interoperability between Java and native code allows for seamless integration while maintaining safety and security.

While these benefits demonstrate how Project Panama can enhance safety when working with native code, it does not eliminate all potential risks. Careful design, testing, and adherence to best practices in native code are still necessary to ensure overall safety and reliability. The C++ community, for example, has been making significant strides in memory management since the release of C++11 to make the native language more memory-safe.

Similarly, Rust is also known for several robust memory safety features. At the core of Rust’s memory safety is its ownership system, which ensures that each value has a unique owner and governs the movement and lifetime of data, preventing issues like dangling pointers or data races. By enforcing strict rules around ownership, borrowing, and lifetimes, Rust eliminates common pitfalls such as null pointer dereferencing and memory leaks. Additionally, Rust’s type system and compiler work together to verify memory safety properties at compile time, allowing developers to write high-performance code with confidence. With its emphasis on preventing memory-related errors while maintaining performance, Rust stands out as a language that empowers developers to build reliable and secure systems-level software.

The Power of Multi-Language Support in Lucenia’s Architecture

Lucenia’s microlithic architecture takes the concept of memory-safe programming further by adopting a multi-language approach. This architecture balances short-lived functions as a service with longer-running service applications to support using the “right programming language for the job.” This flexibility allows us to optimize both performance and security, leveraging the strengths of different programming languages where they are most effective.

Example 1: Accelerating Vector Indexes with C++

When it comes to high-performance computing tasks like accelerating vector indexes, C++ is a clear choice over other programming languages. The language’s long time support for Single Instruction, Multiple Data (SIMD) operations most often significantly outperforms Java’s SIMD implementation with significant performance enhancing parallelism on the way. By using the long recommended memory-safe smart pointers introduced in C++11 combined with the memory safe sandbox mechanisms in a cloud native implementation, we ensure efficient memory management and protection while achieving superior performance. This combination of speed and safety is essential for applications that require rapid processing of large datasets without compromising security, and is one of the core component options in Lucenia’s vector and hybrid search offering.

Example 2: Rust for Safety over Performance

On the other hand, many scenarios arise where Rust is a better choice over C++ when strict memory safety is paramount, and performance is not a primary concern. Rust’s robust memory safety features, such as its ownership system, type safety, and compile-time checks, make it an ideal language for building secure applications. By using Rust in parts of our architecture where security is critical, we can minimize the risk of memory-related vulnerabilities, ensuring that our applications are both safe and reliable.

Embracing a Comprehensive and Flexible Security Approach

While breaking applications into smaller services can make them less predictable and potentially harder to exploit, relying solely on security by obscurity is not a complete defense strategy. Nor are serverless architectures a panacea for solving all security challenges, such as third-party dependencies, limited visibility and control, and cold start attacks. To further fortify cybersecurity, Lucenia’s offerings aim to empower organizations with the capability to embrace a comprehensive and flexible security approach that encompasses:

1. Proactive Threat Modeling: Identifying potential security threats and vulnerabilities that scale from each function and service to full end-to-end use case integration testing.
2. Secure Coding Practices: Leveraging Lucenia’s APIs that apply best practices for writing secure code and minimizing the risk of common vulnerabilities.
3. Regular Security Audits: Conducting routine security audits and assessments to identify and address any security weaknesses.
4. Monitoring and Incident Response: Implementing robust monitoring solutions to detect suspicious activities and responding swiftly to security incidents.
5. Compliance and Regulatory Requirements: Ensuring compliance with industry regulations and standards (e.g., FIPS) relevant to the organization’s operations.

Lucenia’s CyberSecurity Advantage

At Lucenia, we are at the forefront of innovation, driving the wave of multi-language support to dynamically leverage the right programming language implementation for each task. By embracing a microlithic architecture over the monolithic designs chosen by other search companies, we can implement “security by default” more effectively. This approach allows us to balance performance and cybersecurity requirements, empowering organizations to “do more with less” in a secure manner.

Unlike fixed implementations that lock developers into a single language or framework, our flexible microlithic architecture adapts to the unique demands of each task. For instance, we harness the high performance of C++ for accelerated hybrid search operations, ensuring faster and more efficient data retrieval. In parallel, we leverage the robust memory safety features of Rust for secure encapsulation strategies, minimizing vulnerabilities and enhancing the overall security posture.

This flexibility extends beyond just programming languages. Our architecture supports seamless integration of various cloud-native communication patterns, allowing us to optimize both the speed and security of inter-service communications. By dynamically selecting the best tools and strategies for each component, Lucenia ensures that our solutions are not only high-performing but also resilient against emerging threats.

With this flexible and comprehensive strategy, Lucenia continues to set the standard for secure and efficient application development in the ever-evolving cybersecurity landscape. Our commitment to innovation and adaptability positions us as leaders in delivering secure, scalable, and efficient solutions tailored to the diverse needs of modern enterprises.