To date much of the public discourse I have seen on cloud computing security has centered on cloud service providers and how they manage the operations of their cloud service offerings. This aspect of cloud computing is very important, especially for cloud customers that have compliance obligations to maintain. A topic of equal importance that I see much less focus on in the industry is how to securely develop cloud services. After all, a perfectly operated cloud service that has vulnerabilities in it that are the product of a poor development processes isn’t going to help protect the data that cloud customers store and process in the cloud.
Developers of cloud applications and platforms need to leverage a secure development process and use associated tools to help minimize the number and the severity of security vulnerabilities in the online services they develop. Security isn’t something they can bolt on at the end of the development process – it has to be baked into the process from the very beginning. As part of your cloud provider evaluation process, you should ask your candidate cloud providers about their development processes and how security is addressed.
Steve Lipner, partner director of program management in Trustworthy Computing at Microsoft, shares his perspective on the importance of secure development practices for cloud services in this episode of the Trustworthy Computing Cloud Fundamentals Video Series.
If you haven’t seen the other videos in this series, you can check them out below:
Cloud Fundamentals Video Series
- Introducing the Cloud Fundamentals Video Series
- Cloud Computing & Business Agility
- Cloud Computing Requires Transparency
- Cloud Transparency as an Element of Trust
- The Benefits of Industry Collaboration to Cloud Computing Security
- Benchmarks and Evaluation Standards for Cloud Computing Security
- Evaluating Different Cloud Service Offerings by Comparing Security Controls
- e-discovery in the Cloud
- Compliance in the Cloud
- Cloud Computing Privacy at Microsoft, Part 1
- Cloud Computing Privacy at Microsoft, Part 2
Please check back on this blog regularly as we continue the Cloud Fundamentals Video Series and explore topics that are important for IT professionals and business decision makers who are interested in cloud security, privacy, and reliability.