If you work anywhere in the tech industry — and you are reading this blog post, after all — you probably have a good idea of the awesome stuff the cloud can do. From medical applications to advanced query processing to plain old communications, a lot of the tasks off-site computing platforms perform are darn near magical.
But did you know the cloud's incredible versatility extends to software security, too?
That's right. Cloud security is the next big thing for app development — mostly because cloud-based security platforms can revolutionize how security testing and expertise are delivered to development teams. Here's a look at how this revolution is happening:
Mighty Off-Site Muscle for Assessing Apps
When IBM's Watson appeared on Jeopardy! in 2008, the world got an honest-to-goodness glimpse of the future. Not long after that, IBM laid out plans for the Watson Developer Cloud — a program devs could harness to make use of the supercomputer themselves, accessing it via the internet through cloud technology.
Now, Watson doesn't have a lot to do with security. But the idea of allowing devs to access powerful hardware remotely is just as exciting for everyone in the world of AppSec, especially the people tasked with securely developing those apps.
To put this another way, what if powerful, cloud-based machines automated your security assessments for you? No fiddling with test configurations. No downtime as you wait for tests to complete. No triaging false positives hidden in test results. And combining an app-security-testing platform with other cloud-based services — remediation help, eLearning courses, audit reporting — makes cloud security a true win-win situation for developers. Automated security tasks free up you and your machine to perform other functions, and you can tap into other cloud security services whenever you need them to help you fix things faster.
Anything that saves time, promotes efficiency and introduces a more secure product is the definition of good business. That makes cloud security a hugely important consideration, no matter what an organization's application-security goals are. Then all you'd have to do is wait for your Secure Development Award to show up.
One Ring to Rule Them All
Say you have 40 applications that must be PCI compliant. If every development team could change the security tests running on their desktops, how could you prove the code produced is actually compliant?
That's twice as true if you're a company commissioning work from third-party vendors or system integrators. Keeping an app up to snuff is challenging — when multiple development teams work together to provide a unified product, you are just as responsible as your vendors for any compliance issues. Sure, some big companies with enormous compliance budgets find a way, but most companies don't have the resources for that.
So, how do you drive consistency? Cloud-security platforms offer a more cost-effective way to enforce the same compliance rules across your company's code, regardless of who's producing and submitting it.
Always On (for Anyone, Anywhere)
Another benefit that cloud-based platforms can bring to application security is the ability to deliver capabilities across many development teams (or even software companies). Cloud-security platforms let developers test their code from wherever. It doesn't matter if your development teams are at your headquarters, in India, Ireland or wherever else they can access the platform via VPN.
Aside from the obvious benefits of consistent policy enforcement, having multiple teams using the same cloud security platform enables you to roll up reporting. It becomes easier to see which teams are testing regularly and improving their ability to deliver securely developed code.
To that end, cloud security is great for integration across multiple teams, period, not just as it applies to compliance. It also keeps teams on the same rough road map, hitting milestones as scheduled. That's a major benefit if you've ever worked in a setting where one dawdling team held an entire project up.
The Future of AppSec
If you're not convinced yet, I'll say this once more: Cloud-based security solutions are worth a look. Off-site computing power isn't going away, and neither are security concerns surrounding business software. Finding a solution that makes use of one and targets the other is hugely important.
It's becoming clear to business leaders that security is as vital to software development as efficiency. Too often, focusing too much on one results in a degradation of the other, forcing sacrifices to be made. By integrating proper security measures with cloud-based platforms, developers and the companies buying their wares can more easily focus on both – resolving an issue that's caused many a decision maker to lose sleep over the years.