Advertisment

'In cloud security matters, but apps don't'

author-image
CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: How many applications we build today are security and scalability aware?

Advertisment

This was the question that most of the delegates raised at the Spark IT 2011 session on Security and Scalability in Cloud. To the surprise of many, security expert Dr. Asoke K. Talukder’s answer was a big NO.

Somebody will always try to use your system to do things that the system is not intended to. The problem with most of the applications today is that they are built keeping in mind an environment where everything is trusted. But this attitude has to change as everything is moving to cloud where we have completely untrusted environment, Talukder reasoned.

“If you make your application security aware, then it doesn’t matter which environment it is in; it will be able to protect itself,” he emphasized.

Advertisment

Security gurus have developed many techniques over the years. But there has been reluctance on the part of developers in implementing security checks, the security expert pointed out.

How can somebody attack if there is no vulnerability?

How can somebody attack if there is no vulnerability? If you can put the real checks and balances then your application will become security aware.

Advertisment

He noted, “Today, we are looking at security from the point of view of protected environment where everything is trusted. If I want to take that to untrusted environment then developers have to include the concept of making the software security and scalability aware.

He said for the cloud environment there are security guidelines from almost 10 years now. But the question is that if we are really using them?

To a question of how safety can be ensured with cloud service providers, Talukder suggested that the cloud customers have to be specific while drafting the security and scalability policy when entering the service level agreement.

“You have to build a trust and protect that trust through MoUs. Beyond that I don’t think anybody can do anything.”

tech-news