In
their list of predictions for 2011, application security specialists at the
Denim Group predicted software development teams will start to shift their
focus to building extensions to software-as-a-service applications instead
of writing custom software from the ground up.
In the company’s crystal ball, business-to-business providers
will lead the way in this, though extensions to
consumer-oriented applications will increase as well. As could be predicted
however, this kind of shift would bring with it its own set of challenges
for developers looking to integrate their creation securely, experts told
eWEEK.
"The overarching problems with securely integrating with SAAS [software-as-a-service]
applications is that the systems involving these integrations have more
complicated threat models than normal Web applications and the integration
patterns between custom code and SAAS services are not as standardized or well-understood," said Dan Cornell, CTO for the Denim Group. "This
creates a situation where developers do not necessarily understand how to build
these interactions securely, and it also makes it challenging to provide
standardized guidance to developers because, in the absence of specific
platforms and desired features, this guidance is often ‘it depends’ or ‘it’s
complicated."
The
dependency on SAAS components they don’t control poses a challenge for
enterprises as well, Forrester Research analyst Mike Gualtieri told eWEEK.
For more, read the eWeek article: Application Development Security Considerations for the Cloud.
