Because there is no telling how secure the cloud really is, Fortify, a provider of software security solutions, today announced new cloud-specific security capabilities, including a software security Cloud Readiness Scorecard application analyzer.
This analyzer indicates an application’s risks and security vulnerabilities before it is moved to the cloud. New remediation capabilities also enable teams to fix these vulnerabilities.
Applications that rely on public or shared Domain Name System servers can be more susceptible to hackers and cyber-attacks. The Cloud Readiness Scorecard alerts teams ahead of time to possible risk points and rates an application from weak to strong depending on the number of major or minor fixes needed before it is considered “ready for the cloud.” The remediation capabilities enable teams to mitigate these vulnerabilities in order to deploy applications safely and ensure secure code.
When moving an application from its cozy environment behind the firewall to a generic, shared environment, such as the cloud, things will communicate differently, said Brian Chess, Fortify’s cofounder and chief scientist. But, “if you can trust your software, you can deploy in any environment,” he said.
Georg Hess, OWASP member and CEO of Art of Defence, a Regensburg, Germany-based application security provider, said, “If you develop an application for internal use in a secure data center, you trust its users. But once [the application] is moved to the cloud, there is no notion of an internal user anymore.”
Once in the cloud, an application is accessed by a user interface that is also available to external users, Hess said. This type of change can be one risk of moving an application to the cloud and can potentially open an application to unauthorized users and expose confidential information.
To avoid such situations, “You will need to know your software will behave the right way,” said Mike Armistead, Fortify’s cofounder and vice president of corporate development. This is also beneficial to cloud providers to ensure bad code isn’t introduced to their environments, he added.
These new capabilities will be available later this quarter and are included in Fortify’s on-premise software security solution, Fortify 360, and its hosted software-as-a-service product, Fortify on Demand.
For those interested in learning more about the cloud and possible security risks, Fortify also announced the availability of two new white papers. “Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing” is available now on Fortify’s website, and “Software Security in the Cloud: A Technical Perspective” will be published mid-June.