The Cloud Security Alliance and SAFECode have identified best practices for developing applications that meet the unique security requirements of cloud computing.
Cloud computing is useful because it offers a new approach to IT, leveraging shared resources to maximize productivity and cut overhead. But with new approaches come new threats. How can agencies minimize risk in this environment?
The Cloud Security Alliance and the Software Assurance Forum for Excellence in Code (SAFECode) have collaborated to identify a set of best practices for developing applications that meet the unique security requirements of cloud computing. The resulting paper, Practices for Secure Development of Cloud Applications, applies established methods of producing secure code to the architectural requirements of the cloud.
“For cloud computing to reach its true potential, all parties involved – both consumers and providers – will need new ways of thinking about security needs and related standards,” the paper says.
Eric Baize, senior director of the product security office at EMC Corp. who participated in the study for SAFECode, says the new guidelines are an addendum to the existing security practices identified in SAFECode’s Fundamental Practices for Secure Software Development.
About 70 percent of cloud development work is common with other application environments, Baize said. The difference in the remaining 30 percent lies primarily in the fact that the cloud is a multitenant environment in which trust boundaries are required because software running in one entity can be used by another.
The CSA and SAFECode working group spent about six months reviewing existing development practices to identify gaps that should be filled for the cloud environment. Representatives from member companies shared their experiences and lessons learned to identify a consistent set of practices that address issues in the cloud. The working group focused on the platform-as-a-service model and identified a basic set of threat areas that needed to be addressed differently in the cloud:
- Data breaches: Compromises in the virtual infrastructure can pose threats to co-tenants in the cloud, and techniques such as SQL injection threaten more serious consequences with multiple applications sharing an underlying database system. A flaw in one application could expose all.
- Data leakage and data loss: When data is kept in the cloud, the system needs to be designed, implemented and deployed so that it can withstand attacks on various levels in the multitier architecture. Changes to data should be detectable and traceable, and the data should be able to be restored. If encryption is used to protect data, at what layer is it performed and how are keys managed?
- Insecure interfaces and APIs: Improperly designed application programming interfaces can create vulnerabilities when used by third parties.
- Denial of service: This can occur at several layers, expanding the attack surface in a cloud environment.
The paper describes the security practices in the context of the unique requirements of the cloud. Recommendations are mapped to specific threats to provide detailed illustrations of the security issues they resolve, with specific action items for development and security teams.
Like many best practices, those identified for secure development of cloud applications are often common sense. “For us, it’s not a surprise,” Baize said of the recommendations. “I don’t expect this to be a surprise to anybody.”