Cloud Fundamentals Video Series: The Importance of Secure Development Practices for Cloud Services

To date much of the public discourse I have seen on cloud computing security has centered on cloud service providers and how they manage the operations of their cloud service offerings. This aspect of cloud computing is very important, especially for cloud customers that have compliance obligations to maintain. A topic of equal importance that I see much less focus on in the industry is how to securely develop cloud services. After all, a perfectly operated cloud service that has vulnerabilities in it that are the product of a poor development processes isn’t going to help protect the data that cloud customers store and process in the cloud.

Developers of cloud applications and platforms need to leverage a secure development process and use associated tools to help minimize the number and the severity of security vulnerabilities in the online services they develop. Security isn’t something they can bolt on at the end of the development process – it has to be baked into the process from the very beginning. As part of your cloud provider evaluation process, you should ask your candidate cloud providers about their development processes and how security is addressed.

Steve Lipner, partner director of program management in Trustworthy Computing at Microsoft, shares his perspective on the importance of secure development practices for cloud services in this episode of the Trustworthy Computing Cloud Fundamentals Video Series.

If you haven’t seen the other videos in this series, you can check them out below:

Cloud Fundamentals Video Series

Please check back on this blog regularly as we continue the Cloud Fundamentals Video Series and explore topics that are important for IT professionals and business decision makers who are interested in cloud security, privacy, and reliability.

About the Author
Tim Rains

Director, Cybersecurity & Cloud Strategy

Tim Rains has over 20 years of experience in the technology industry across several disciplines including engineering, consulting, and marketing communications roles. He currently manages security marketing and corporate communications in the Trustworthy Computing division at Microsoft. His expertise ranges Read more »