Grounded in the Cloud

Technical Cloud Security: Application security in the cloud

SimonLeech

This is the third in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about the role of application security in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

Whilst the cloud platform and the compute instances running on top of it can be configured in a very secure manner, the weaknesses that hackers seek out and exploit are often at the application level. In fact, recent research by HPE shows that up to 84% of recent breaches were aimed at application vulnerabilities. Security is often overlooked, especially in a cloud environment where the emphasis is on agile DevOps and frequent code updates. Without effectively integrating security into the software development lifecycle (SDLC), vulnerable applications can be released into production with little understanding of the consequences.

So if an organization is able to introduce security into the mindset of its software developers, it will be able to improve the quality of the software and at the same time reduce the costs involved with out-of-cycle patch releases. Whilst there are products available that let developers scan code before it gets released, a lot of the success of a software assurance program will come from changing the mentality of the organization: getting buy-in from senior management to sponsor security projects within the development organization, having people from the application security team involved at the product requirements planning stage, and introducing source code scanning as a gate process, so that all code intended for release into a production environment is first scanned using whatever tool the organization has chosen.

Hewlett Packard Enterprise provides organizations with code security tools via the HPE Fortify family of solutions. HPE Fortify can be used in one of three ways in a cloud environment: static code analysis, dynamic application security testing, and real-time application security.

This video looks at some of the things to think about when introducing security into the application development lifecycle.

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. For information about application security and DevOps, and to download the recently released white paper on the state of security in DevOps, please visit this page.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), a Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) and Certified in Cloud Security Knowledge (CCSK). He works in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan.
