Security Considerations for Application Development in the Cloud
In their list of predictions for 2011, application security specialists at the Denim Group predicted software development teams will start to shift their focus to building extensions to software-as-a-service applications instead of writing custom software from the ground up.
In the company's crystal ball, business-to-business providers will lead the way in this, though extensions to consumer-oriented applications will increase as well. As could be predicted however, this kind of shift would bring with it its own set of challenges for developers looking to integrate their creation securely, experts told eWEEK.
"The overarching problems with securely integrating with SAAS [software-as-a-service] applications is that the systems involving these integrations have more complicated threat models than normal Web applications and the integration patterns between custom code and SAAS services are not as standardized or well-understood," said Dan Cornell, CTO for the Denim Group. "This creates a situation where developers do not necessarily understand how to build these interactions securely, and it also makes it challenging to provide standardized guidance to developers because, in the absence of specific platforms and desired features, this guidance is often 'it depends' or 'it's complicated."
The dependency on SAAS components they don't control poses a challenge for enterprises as well, Forrester Research analyst Mike Gualtieri told eWEEK.
For more, read the eWeek article: Application Development Security Considerations for the Cloud.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now