hat's the number one concern when it comes to adopting a cloud computing strategy? Security. A company considering the cloud has to explore the security of the third-party cloud platform, as well as the security of the business application being hosted. Other security requirements will vary widely, depending on the applications, data sensitivity, applicable laws and regulations, and other factors.
It's worth the extra research: A well-managed software security program is a good investment at any time and can help minimize ongoing security-related maintenance costs.
In this white paper, Microsoft addresses potential security vulnerabilities during the development of client and cloud applications by using the Security Development Lifecycle (SDL). The white paper also details the steps Microsoft has taken to evolve SDL to address those security issues.
The paper describes how to minimize the security vulnerabilities in mission-critical platforms and applications by following two, complementary approaches:
1) Developing the policies, practices, and technologies to make client and cloud applications as secure as possible. The paper explains how the SDL addresses the operational security of cloud applications. The Release phase, in particular, reviews the following application attributes against established security standards and baselines:
- network communications
- platform requirements
- system configuration
- monitoring capabilities
2) Managing the security of the platform environment through clearly defined operational security policies.
Download the white paper at http://www.microsoft.com/sdl.