Cloud Security
Running applications in the cloud doesn't really change security except that the infrastructure the app is running on is owned by a 3rd party and shared with other businesses.
Here is a simple list of things that devs should be thinking about while building a solution in the cloud:
- If there is a cloud management dashboard, enable two factor authentication for all users
- Think about the network topology and design the network with segments
- Make sure there is an audit trail for deploys and changes
- Check the cloud providers security pages
- Do all other security activities as if the app were hosted (scan, pentest, code review, etc.) Don't assume the cloud provider is doing anything here
Resources
Support or Contact
Having trouble with the developer pages? Help us update them or [email protected] and we’ll help you sort it out. See something wrong? Get involved and help us fix it!