Locking down cloud applications

Grazed from GCN. Author: Editorial Staff.

Cloud computing is useful because it offers a new approach to IT, leveraging shared resources to maximize productivity and cut overhead. But with new approaches come new threats. How can agencies minimize risk in this environment? The Cloud Security Alliance and the Software Assurance Forum for Excellence in Code (SAFECode) have collaborated to identify a set of best practices for developing applications that meet the unique security requirements of cloud computing.

The resulting paper, Practices for Secure Development of Cloud Applications, applies established methods of producing secure code to the architectural requirements of the cloud. “For cloud computing to reach its true potential, all parties involved – both consumers and providers – will need new ways of thinking about security needs and related standards,” the paper says…

Eric Baize, senior director of the product security office at EMC Corp. who participated in the study for SAFECode, says the new guidelines are an addendum to the existing security practices identified in SAFECode’s Fundamental Practices for Secure Software Development…

Read more from the source @ http://gcn.com/blogs/cybereye/2013/12/safecode.aspx