What does "compartmentalizing services" mean?

Question

I'm building a web app using Node/Express/Angular/Mongo and this is my first time dealing with a cloud server. Rackspace suggested that I compartmentalize my services. In an effort to not sound like a complete novice in front of the client, I turn to my friends at StackOverflow :)

What exactly does this mean? Is there a common practice on how to organize code and instances of Mongo and Node to "compartmentalize"?

My brief reading on the subject leads me to believe it means protective measures so user A can't hinder the performance or sniff sensitive info from user B.

Answer 1

It's essentially making sure your information that's being handled is only shown to people who 'need to see it'- setting properties in objects only when they MUST be set. Making sure that everything is on a need-to-know basis and you're not sending more data than you need to to various places like the cache layer, the logs, the user session, etc.

A good example where compartmentalization would make sense is a page that does something like SELECT * FROM user WHERE id=123 and stores that as $_SESSION['USER'][123] for a page where the user simply wants to see his uploaded photos or something. In cloud computing the risk for leaked info is higher so more steps have to be taken to protect sensitive information.

Wiki actually has a really good example:

In matters concerning information security, whether public or private sector, compartmentalization is the limiting of access to information to persons or other entities who have a need to know it in order to perform certain tasks. The concept originated in the handling of classified information in military and intelligence applications. The basis for compartmentalization was the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information could be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codewords referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the Ultra secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents.1

Compartmentalization of services simply takes that concept into the moving parts of your app. If too many parts are moving in one spot, you increase the risk should any of those parts fail. Your server guy is likely recommending you have email on one server, the db on another server, the cache on another server, etc. They make more money, and your app is "safer" should any of those servers go down.