Security Considerations for Application Development in the Cloud

In their list of predictions for 2011, application security specialists at the Denim Group predicted software development teams will start to shift their focus to building extensions to software-as-a-service applications instead of writing custom software from the ground up.

In the company's crystal ball, business-to-business providers will lead the way in this, though extensions to consumer-oriented applications will increase as well. As could be predicted however, this kind of shift would bring with it its own set of challenges for developers looking to integrate their creation securely, experts told eWEEK.

"The overarching problems with securely integrating with SAAS [software-as-a-service] applications is that the systems involving these integrations have more complicated threat models than normal Web applications and the integration patterns between custom code and SAAS services are not as standardized or well-understood," said Dan Cornell, CTO for the Denim Group. "This creates a situation where developers do not necessarily understand how to build these interactions securely, and it also makes it challenging to provide standardized guidance to developers because, in the absence of specific platforms and desired features, this guidance is often 'it depends' or 'it's complicated."

The dependency on SAAS components they don't control poses a challenge for enterprises as well, Forrester Research analyst Mike Gualtieri told eWEEK.

For more, read the eWeek article: Application Development Security Considerations for the Cloud.