Risk Management Decisions Must Be Made at the App Development Level
- Developers must clearly understand how to assemble and leverage cloud service components to deliver the level of security that a business or an application requires.
- A DevOps methodology is essential, and it needs automation and testing throughout the process.
“A true DevOps process gives you the possibility of accounting for security in a much more holistic way.”
One of the great challenges of securing assets beyond the perimeter is building apps designed to run securely in that environment. Darwin Sanoy, a senior cloud and automation architect at a major SaaS company, attributes this challenge in part to the difficulty of overcoming traditional app development practices. “Traditional on-premises development that happened within a ‘secure perimeter’ philosophy didn’t worry a lot about security,” he says. “Whenever you’re dealing with something legacy, such as adapting existing code to the cloud, there are legacy habits in which security is not a first-class citizen as far as application design.”