Developing Secure Applications for the Cloud

Summary: A discussion of security best practices for developers who are building cloud applications.

By Scott Fitzpatrick

When it comes to utilizing a cloud platform for your application, security is of the utmost importance. Security starts with developers, who should tailor their application security practices and strategies to the type of environment their application will be deployed in. Secure development practices can mean the difference between resting easily each night knowing your application protects the consumer data with which you've been entrusted, or dealing with the constant threat of a data breach that would keep any good developer on edge.

This article highlights best practices for secure development of applications that will be deployed in a public cloud such as Alibaba Cloud (where you can take advantage of a $300 credit if you'd like to get started with deploying applications to the cloud).

The Art of Protecting Consumer Data

One of the greatest responsibilities a developer has when dealing with sensitive consumer data is protecting that data from unauthorized modifications or outright theft. Security concerns are heightened when the application is both deployed to and run on a cloud platform. The act of securing this data includes both protecting data at rest, where it resides in a database, and as the data is transmitted from one server to another. A valuable and necessary protection strategy is encryption.

Encrypting data for an application that is deployed to a cloud platform provides new challenges for the development team, as the situation differs greatly from data encryption scenarios they may be accustomed to. When an application does not utilize a public cloud environment (i.e., when it runs on-premises or in a private cloud), the data being encrypted is stored on a server to which the DevOps organization typically has full access and control. This is not the scenario that plays out when an application uses a cloud platform. Therefore, it is important for the development team to take some precautions to ensure that the sensitive data employed by the application is adequately protected.

One potential solution (that is often considered a best practice) is to ensure that data is protected through the use of client-side encryption when using a cloud platform. Client-side encryption is an extremely effective tactic for ensuring that data is protected as it is transmitted. This encryption practice is a form of asymmetric data encryption, where the data being sent to the remote server is encrypted prior to it being transmitted. The basic tenets of the strategy are as follows:

● Each time data is uploaded, a public key is used to encrypt the data prior to the data being transmitted to the remote server.
● The encrypted data is then stored on the cloud platform with no reference to the plain-text data.
● When downloading an object, the encrypted data is downloaded, and a private key is utilized to decrypt the encrypted object so that the plain-text data can again be viewed in its original form.

As you can see, this secure development practice provides several benefits. First, the cloud platform maintains no reference to the plain-text data. Thus, the development team can rest assured that the platform's servers (over which they maintain no real control) are not a concern in terms of security from a data loss standpoint as the data rests on the remote server. The other main benefit is the protection of data in transit. At no point is plain-text data being transmitted to the cloud platform, eliminating the concern over data leakage.
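The upload and download steps above can be sketched as follows. This is an added example, not code from the article or from any cloud SDK. Because RSA can only encrypt small inputs directly, it uses hybrid (envelope) encryption: a one-time AES-256-GCM key encrypts the object and the public key wraps that key. The `cloudStore` map, the function names and the sample record are hypothetical, constructed stand-ins.

```javascript
// Added example: client-side (envelope) encryption around an upload/download.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical stand-in for a cloud object store; it only ever sees ciphertext.
const cloudStore = new Map();

// Encrypt locally with a one-time AES-256-GCM key, then wrap that key with
// the public key so only the private-key holder can recover it.
function encryptForUpload(publicKey, objectName, plaintext) {
  const dataKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(objectName)); // bind the ciphertext to its object name
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

function upload(publicKey, objectName, plaintext) {
  cloudStore.set(objectName, encryptForUpload(publicKey, objectName, plaintext));
}

// Download the encrypted object and decrypt it locally with the private key.
// Throws if the ciphertext, tag or object name was altered while stored.
function downloadAndDecrypt(privateKey, objectName) {
  const { wrappedKey, iv, ciphertext, tag } = cloudStore.get(objectName);
  const dataKey = privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', dataKey, iv);
  decipher.setAAD(Buffer.from(objectName));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample data; the private key never leaves the client.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const record = Buffer.from('name=Alice Example;card=4111-1111-1111-1111');
upload(publicKey, 'customers/42', record);
console.log(downloadAndDecrypt(privateKey, 'customers/42').toString());
```

The authentication tag also addresses the unauthorized-modification concern raised earlier: a stored object that was changed on the platform fails decryption instead of returning altered data.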

Proper Use of APIs

Ensuring that you are properly using the APIs provided by your cloud platform can also serve to assist in developing secure applications. This may sound like an obvious practice, but it deserves a mention. Improper use of an API, in some of the worst cases, can result in unauthorized access to data or unauthorized access to application functionality that can put data integrity at risk. It is therefore imperative that the developers applying the API write code with a mindset that puts security first, while providing the API methods with all the necessary information to determine if the user should have access to perform that functionality—and if so, also ensure that the proper action is being taken as per the API documentation.

Alibaba Cloud's Security Products

As an example of the types of services available for securing cloud applications, consider the solutions offered by Alibaba Cloud:

● Server Guard: A monitoring service that automatically detects intrusions in applications running on Alibaba Cloud.
● Anti-DDoS: A service for protecting against Distributed Denial-of-Service (DDoS) attacks, which can make cloud-based applications inaccessible for users.
● Web Application Firewall (WAF): A firewall that cloud admins can use to protect applications and services running in Alibaba Cloud, and automatically disarm attacks based on machine learning.

These services provide the protections that organizations need to mitigate security threats against applications deployed in the cloud.

Conclusion

While developing for a cloud platform can provide certain challenges that are not always present when developing outside the cloud, a few simple practices can go a long way toward securing your application.

In today's climate, where the importance of data security is at an all-time high, simply utilizing an encryption strategy such as client-side encryption can make all the difference in ensuring that a data breach doesn't occur on your watch. Combine this with careful development to establish proper usage of the API provided by the cloud platform you are using, and you are well on your way to secure development in the cloud.
