The Doppler Quarterly Winter 2016 | Page 24

Pick a security approach and technology prior to building your application that will be effective for the type of application you ’ re running and that will address any compliance or other data-level security issues . If you ’ re in healthcare , for example , you must consider personally identifiable information as well as the Health Insurance Portability and Accountability Act ( HIPAA ) in the US . You ’ ll need to store data in a certain way , on clouds that are HIPAA-compliant . Moreover , the application will need to handle sensitive data in specified ways , with required levels of security , such as encryption .
Generally speaking , cloud-based applications should leverage identity and access management ( IAM ). Enterprises that develop mature IAM capabilities can reduce their security costs and , more importantly , become significantly more agile at configuring security for cloud-based applications . Indeed , IAM will be a part of more than 50 percent of existing applications that migrate to the public cloud and nearly 90 percent of new applications built on clouds .
What ’ s more , the use of IAM within cloud application deployments will backfill into the enterprise , as these organizations modernize security approaches and technologies to align with the use of public clouds . In many cases , IAM will be provided as a service to the enterprise . This concept of cloud-delivered IAM quickly leads to the concept of centralized identity management . As you build more cloud-based applications using IAM , each application should become significantly more secure and more cost effective .
Your core objective is to design security into the application and take advantage of the native features of both the cloud and the IAM system you use . However , each application has its own requirements based upon the needs of the business , and security always differs from one enterprise to another .
Summary
Building a cloud-ready application architecture requires that you pay attention to a few new things , but many of the traditional concepts are still important , such as sound design , testing , and learning from your mistakes . Most developers who deploy applications on private or public cloud platforms will make some blunders , but as long as they recognize , correct , and learn from those mistakes , they ’ ll be well on their way to finding a more effective path to building applications in the cloud .
Understand that approaches such as service orientation should be given priority , even if it means longer initial application development lifecycles and bigger budgets . Even though you ’ ll pay more for application development in the cloud than you did for traditional application development , the investment in services pays huge dividends year in and year out . It ’ s a smart investment .
22 | THE DOPPLER | WINTER 2016