
Technical Cloud Security: Application security in the cloud


This is the third in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about the role of application security in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

Whilst the cloud platform and overlying compute instances can be configured in a very secure manner, often the weaknesses that are sought out and exploited by hackers are at the application level. In fact, recent research by HPE shows that up to 84% of recent breaches were aimed at application vulnerabilities. Security is often overlooked, especially in a cloud environment, where the emphasis is on agile DevOps and frequent code updates. Unless security is effectively integrated into the software development lifecycle (SDLC), vulnerable applications can be released into production with little understanding of the consequences.

So if an organization is able to introduce security into the mindset of its software developers, it will be able to improve the quality of the software and at the same time reduce the costs involved with out-of-cycle patch releases. Whilst there are products available that let developers scan code before it gets released, a lot of the success of a software assurance program will come from changing the mentality of the organization: getting buy-in from senior management to sponsor security projects within the development organization, having people from the application security team involved at the product requirements planning stage, and introducing source code scanning as a gate process, so that all code intended for release into a production environment is first scanned using whatever tool the organization has chosen.

Hewlett Packard Enterprise provide organizations with code security tools via the HPE Fortify family of solutions. HPE Fortify can be used in one of three ways in a cloud environment – static code analysis, dynamic application security testing, and real-time application security.

This video looks at some of the things to think about when introducing security into the application development lifecycle.



To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. For information about application security and DevOps, and to download the recently released white paper on the state of security in DevOps, please visit this page.

About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), a Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) and Certified in Cloud Security Knowledge (CCSK), and works in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan.
