Cloud Security Principles: Part 2

This is the second part of the series on the Cloud Security Principles. This post looks at some key principles for securing your applications. As with the first post, some prior knowledge of various IT architecture and security concepts may be expected. This post was inspired by a talk I recently gave with Neha Sardana at JAX New York.


Introduction

In the first part, we summed up the essential elements to consider when working with the Cloud and securing cloud-native applications and platforms. In this post, we would like to give you some concrete principles and tips for creating more secure applications.

Principles

Multi-Layered Defense

Keywords: general

First of all, a more generic but important principle: look at security as a whole, integrating security layers on multiple levels in any system. It should include cyber-security plans for:

  1. Devices
  2. Applications
  3. Networks
  4. Infrastructure
  5. People

Think of this principle as all the layers of clothing you wear to protect yourself from cold and bad weather. If one of the layers is compromised, there is always another to keep you warm and dry.

Identity and Access Management (IAM) Misconfiguration

Keywords: network, permissions

You need to control access and permissions meticulously and over time. Things to consider:

API Security

Keywords: endpoints, permissions

Data Encryption

Keywords: data

Zero Trust

Keywords: network, permissions

Software Supply Chain Security

Keywords: software, environment

Secure Containerization

Keywords: software, environment

Continuous Monitoring and Incident Response

Keywords: software, environment

Human Factors (including Social Engineering, Misconfigurations, and Human Errors)

Keywords: people, human factors

Conclusion

You have probably heard that nothing is stronger than its weakest link. Therefore, it is important to look at security from various sides. Especially in the Cloud, one size does not fit all when it comes to security. Cloud platforms, software, and threats constantly evolve and add to the complexity of creating secure applications.

Here, we have looked at some of the principles to consider when securing platforms and developing applications for the Cloud, and cloud-native applications in general.

Finally, note that this is not an exhaustive list but is instead meant to serve as a stepping stone to more secure application development.


Rustam Mehmandarov


Passionate Computer Scientist