Cloud computing is useful because it provides a new way for it to leverage shared resources to maximize productivity and cut spending. But the new approach also poses new threats. How do we minimize the risk of such an environment? The Cloud Security alliance and Safecode work together to develop a set of best practices for application development to meet the unique security requirements of cloud computing. Eventually they released the best practices for cloud application security development, which lists ways to develop secure code in a cloud environment. "In order for cloud computing to fulfil its true potential, users and suppliers need to rethink security requirements and standards," the paper said. "Eric Baize, senior director of product security at EMC, who participates in Safecode research, considers these new guidelines to be an addendum to existing security practices (Safecode's Security software development infrastructure)." About 70% of cloud computing development work is the same as other application environments. The main difference in the remaining 30% is that cloud computing is a multi-tenant environment in which trust boundaries are required because software that runs in one entity can be used by another entity. The Cloud Security Alliance and the Safecode team spent six months reviewing existing development practices to identify problems with cloud environment application development. Representatives from the member companies also shared their experiences and lessons. The team focused on the platform, the service model, and identified the risk issues to be addressed in a cloud environment: a Data Disclosure incident: A virtual infrastructure attack could pose a threat to other tenants in the cloud environment, and technologies such as SQL injection could pose risks to multiple applications sharing the underlying database system. Vulnerabilities in one application can affect all applications. Data leakage and data loss: When data is stored in the cloud, the system needs to be designed and deployed as it can withstand different levels of attack in a multi-tiered architecture. Changes to the data should be detectable and traceable, and the data should be recoverable. If encryption is used to protect the data, which layer should be encrypted and how is the key managed? Unsafe interfaces and APIs: poorly designed application programming interfaces may create vulnerabilities when used by third parties. Denial of service: This can occur in several layers, expanding the attack surface in the cloud environment. The report describes security best practices in the context of the unique requirements of cloud computing, and provides recommendations for specific threats, specific measures to be taken by the development team and the security team, and so on. (邹铮 Compilation) "Editorial Recommendation" Application of cloud security technology in LAN China and America cloud security status and existing problems Why is cloud security a huge challenge? Corporate cloud security Audit requirements and recommendations Gartner: Strong divergence of cloud security growth still exists "responsible editor: Blue Rain Tears TEL: (010) 68476606" Original: Cloud Application Security Development best Practices: protection Cloud Application safe return network security Home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
