The Doppler Quarterly Summer 2016 | Page 23

Moving your applications to the public cloud does not necessarily mean that you ’ re giving an inch on security . Indeed , the approaches and mechanisms available to developers and administrators in the public cloud are often better than the tools and methods you use within the enterprise .
be built into the application and make sure they ’ re all functioning correctly .
Also , after you stage and deploy an application in the cloud , continue with your security operations focus during the continuous operations phase . Review operations of IAM and encryption within the applications , data storage , and the platforms to ensure that you ’ re as protected as you should be , and that all protections are active and functioning correctly .
Your approach to DevSecOps will vary greatly depending upon your applications , your industry , and the brand of public cloud on which you deploy . The best practices here are to continually improve your approach to security , and be proactive in monitoring applications in operations to look for activities that could be leading up to attacks or represent attacks that are underway .
Public Cloud Best Practice : Oversecure Your Apps levels . This approach to oversecure cloud applications , as well as to leverage better operational practices , will serve application owners well .
The integration of these security best practices with your DevOps processes is where the rubber meets the road . The automation of security building , testing , and operating means that , as a developer , you don ’ t have to be constantly paranoid about security . Security is simply built into the development process as well as the automated tools that facilitate it .
These days security is an easy thing to implement in public cloud-based applications , given the availability of modern tools and approaches . The bad news is that security must continuously change and evolve to respond to changing risks , and it ’ s no longer just a problem for IT security and the infrastructure team . Developers are now in the fight .
What are you doing to protect your applications ? Send us a note at doppler @ cloudtp . com
IT executives often believe that they must give up security to get value out of public clouds . That ’ s not the case . Security is related to the approaches and technology you leverage , as well as your commitment to bake in security at many levels . Most cloud-based applications are more secure than traditional applications for this reason .
That said , it ’ s your responsibility as the developer to ensure that security is systemic to your cloud-based applications at the application , data , and platform
SUMMER 2016 | THE DOPPLER | 21