Cloud Security in Application Lifecycle Management

Application Lifecycle Management (ALM) will still be a challenge when the "application" is a unit of huge software running on a single server because in order to maintain the needs of business operations at the level of overall software change . The challenge has also been magnified with the combination of cloud computing and flexible resources on the employee side, multi-vendor integration, modularity and orchestration. Magnifying effect is very serious area of ​​safety. Like other requirements in an application deployment, cloud security needs should be reflected in ALM, not luck.

In ALM, the application runs through the entire iteration cycle of developing / modifying, testing, showing, deploying, producing / operating, versioning, and then over again. In traditional static data center deployments, security processes are often used in environments like data centers, networks, where applications are deployed and tested, and more often deployed for operations rather than the application itself. The periodic ALM process runs under a consistent security umbrella. Unfortunately, this method has no effect on the cloud step.

In cloud deployments, applications are increasingly deployed in virtual subnets that host off virtual machine or SaaS component elements. This is then accessed via the WAN connected to this application's subnet through the gateway. All of these virtualization obscures the fact that every application structure is a new infrastructure for security purposes. Just as a virtual LAN, without any gateway, is not able to support user connections, and it is not safe to have a LAN that does not have specific security features for that network. This forced the user to turn the security management environment issues into application problems, which is the ALM problem.

The starting point for ALM-based security must be a virtual network model, such as a true infrastructure, that can be protected. Both public and private clouds, and the SaaS model for all cloud services, should also be compatible with the assumption that a given application component is hosted on a virtual LAN and can be accessed by a gateway over an IP address set access. This model provides a http://www.aliyun.com/zixun/aggregation/18415.html "network connectivity framework that protects your LAN as it would in the data center, meaning firewalls, access control, and the like Follow the standard datacenter model ALM professionals are likely to have already used in internal IT that will have to adapt to the cloud in the future and must address the entire ALM process, from developing / modifying to versioning and initiating a new change cycle.

The changes that have been made to cloud security practices are now related to the differences between the virtual network model hosting applications and the real network models used for data center applications. If the application's virtual network is only useful for controlling the VPN, then this represents no improvement in security over the traditional application from the same VPN. If the application virtual network is accessible via the Internet and Internet VPN, the application's gateway is addressable on the Internet and is targeted by hacker or DDoS attacks. This is often mitigated by the ISP or the application listening VLAN gateway, but in either case, activating the security process must be explicit (either by contract or by selecting and setting the correct mesh). These steps will have to be added to the list of ALM processes in the future, not only for production deployments, but also for all phases prior to the application's exposure.

The problem with adapting in ALM is that the version's diversity and the application's state of operation can be at a given point. A given piece of software is likely to exist in at least two operational states (production and test), but may be five or more states, depending on the complexity of the software modification process and the number of tests, The number of pre-production stages of full production associated with migrating an application. While it is important to test the safety and application functionality for each test phase, it is equally important that the security process be significantly different from the set of phased resources that is available with all other versions. Just having a safety umbrella to protect all software during the ALM phase or testing for the risk of contamination of production use is unsatisfactory.

In fact, the safest route to protecting multiple states or versions of an application in ALM is to assume that each ALM state or version (for example, production and test) has its own virtual network and has the same set of tools and operations The process does not protect every virtual network, each with its own iterative tools and processes.

These must protect each other's independence, just as true software versions remain independent, the same reason. Hybrid security processes can inadvertently impact the production application or allow users to access the test system when they are confident that they are using the production version. Most importantly, for the cloud, security must be an element of ALM because virtual resource security can not be managed or secured simply by using traditional networks and IT related to fixed resources and devices Process.

Security is not the only toolset and practice that has had to shift from an entire infrastructure to an application-focused application that moves from fixed hosting to the cloud, but it is probably the first and most likely important. Assuming that cloud security is a major technical hurdle to migrating applications to the cloud, it is reasonable to assume that failure to adapt to the new security model in ALM could slow down cloud applications and reduce overall benefits.

(Editor: Shi Bo-peng)