Grounded in the Cloud

Technical Cloud Security: Application security in the cloud

SimonLeech

This is the third in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about the role of application security in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

Whilst the cloud platform and overlying compute instances can be configured in a very secure manner, often the weaknesses that are sought out and exploited by hackers are at the application level. In fact, recent research by HPE shows that up to 84% of recent breaches were aimed at application vulnerabilities. Security is often overlooked, especially in a cloud environment, where the emphasis is on agile DevOps and frequent code updates. Without effectively integrating security into the software development lifecycle (SDLC), vulnerable applications can be released into production with little understanding of the consequences.

So if an organization is able to introduce security into the mindset of its software developers, it will be able to improve the quality of the software and at the same time reduce the costs involved with out-of-cycle patch releases. Whilst there are products available so that developers can scan code before it gets released, a lot of the success from a software assurance program will come from changing the mentality of the organization – getting buy-in from senior management to sponsor security projects within the development organization, having people from the application security team involved at the product requirements planning stage, and introducing source code scanning as a gate process, ensuring that all code intended for release into a production environment is first scanned using whatever tool the organization has chosen.

Hewlett Packard Enterprise provide organizations with code security tools via the HPE Fortify family of solutions. HPE Fortify can be used in one of three ways in a cloud environment – static code analysis, dynamic application security testing, and real-time application security.

This video looks at some of the things to think about when introducing security into the application development lifecycle.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. For information about application security and DevOps, and to download the recently released white paper on the state of security in DevOps, please visit this page.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan
