Take your app security with you to the cloud
Great article from Bill Pennington
Cloud computing is becoming a fundamental part of information technology. Nearly every enterprise is evaluating or deploying cloud solutions. Even as business managers turn to the cloud to reduce costs, streamline staff, and increase efficiencies, they remain wary about the security of their applications. Many companies express concern about turning over responsibility for their application security to an unknown entity, and rightly so.
Who is responsible for application security in the new world of cloud computing? Increasingly, we see third-party application providers, who are not necessarily security vendors, being asked to verify the thoroughness and effectiveness of their security strategies. Nevertheless, the enterprise ultimately still bears most of the responsibility for assessing application security regardless of where the application resides. Cloud computing or not, application security is a critical component of any operational IT strategy.
Businesses are run on the Internet, and as cloud computing expands, that means that a host of new data is being exposed publicly. History and experience tell us that well over 80% of all websites have at least one serious software flaw, or vulnerability, that exposes an organization to loss of sensitive corporate or customer data, significant brand and reputation damage and, in some cases, huge financial repercussions.
Recent incidents involving popular websites like YouTube, Twitter and iTunes; hosting vendors like Go Daddy; and the Apple iPad have exposed millions of records, often through garden-variety cross-site scripting (XSS) vulnerabilities. The 2009 Heartland Payment Systems breach was accomplished via a SQL injection vulnerability. Thus far, the financial cost to Heartland is $60 million and counting. The soft costs are more difficult to determine.
Across the board, organizations will have the opportunity to prioritize security on web applications, the most exposed part of the business and often the most seriously underfunded. The following issues must be understood in order to align business goals and security needs as the enterprise transitions to cloud computing.
1. Web Applications Are the Primary Attack Target – Securing Applications Must be a Priority
Most experts agree that websites are the target of choice. Why? With more than 200 million websites in production today, it follows that attackers would make them their target. No matter the skill level, there is something for everyone on the Web, from random, opportunistic attackers to highly focused criminals after data from a specific organization. In one of the most recognized cases, an attacker used SQL injection to steal credit/debit card numbers that were then used to steal more than $1 million from ATMs worldwide.