Understanding and implementing the 14 Cloud Security Principles – Part 7: secure development
Continuing to explore the 14 Cloud Security Principles and following the National Cyber Security Centre’s (NCSC) guidance on how to configure, deploy and use cloud services securely, we’ve reached principle number 7: secure development.
What is secure development?
Secure development ensures that your IT and Cloud services and applications are safe from any threats. It is vital that the services your company employs in this area are specifically designed to identify and mitigate any potential threats to security that they may face. If there is inadequate secure development, your services may be vulnerable to a variety of security issues that could potentially compromise your data, facilitate malicious activity or result in loss of service.
When it comes to reviewing and implementing secure development, the NCSC advises that there are three common goals to achieve. “You should be confident that:
• New and evolving threats are reviewed and the service improved in line with the
• Development is carried out in line with industry good practice regarding secure design, coding, testing and deployment
• Configuration management processes are in place to ensure the integrity of the solution through development, testing and deployment.”
Implementing secure development
You don’t have to deliver all of your firm’s secure development in-house, at secure facilities or via highly vetted personnel. These approaches are all ideal for specialised components, but it is always worth considering mature, independently supported, off-the-shelf components.
Ultimately, security should be the key element throughout the design and development of any service you implement. If you add any new features, you must evaluate any potential new risks and ensure there are effective mitigations in place to deal with them should the need arise. If in doubt about the secure development of your service, ask your service provider and expect them to be able to provide answers!
If you would like any more information on secure development or if you have any specific questions relating to the 14 Cloud Security Principles, please don’t hesitate to give any of us here at etiCloud a call or drop us an email.
Next up: Supply chain security