Cloud Application Security
The goal of the Cloud Application Security domain is to provide you with knowledge of cloud application security. Through an exploration of the software development lifecycle, you will learn how to use secure software and understand the controls necessary for developing secure cloud environments and program interfaces.
You will gain knowledge in identity and access management solutions for the cloud and the cloud application architecture. You’ll also learn how to ensure data and application availability, integrity, and confidentiality (AIC) through cloud software assurance and validation.
Domain Objectives
After completing this domain, you will be able to do the following:
Identify the necessary training and awareness required for successful cloud application security deployment, including common pitfalls and vulnerabilities
Describe the software development lifecycle process for a cloud environment
Demonstrate the use and application of the software development lifecycle as it applies to secure software in a cloud environment
Identify the requirements for creating secure identity and access management solutions
Describe the specific cloud application architecture
Describe the steps necessary to ensure and validate cloud software
Identify the necessary functional and security testing for software assurance
Summarize the process for verifying secure software, including application programming interface (API) and supply chain management
Introduction
As cloud-based application development continues to gain popularity and widespread adoption, it is important to recognize the benefits and efficiencies, along with the challenges and complexities.
Cloud development typically includes integrated development environments (IDEs), application lifecycle management components, and application security testing. Inherent to the continued and expanded use of technology to deliver services, organizations are presented with quantitative and qualitative risks and challenges.
The failure to address these risks directly affects the organization, its software supply chain (extended enterprise API management), and its customers.
For the appropriate steps and controls to be implemented, these organizations must understand application security in a cloud environment, along with the differences from traditional information technology (IT) computing.
As with traditional deployments in a data center or even a hosted solution, where network controls are ubiquitous and compensating perimeter controls are sometimes relied on to provide application security, cloud applications can be secure as long as the same security evaluation is performed for the cloud environment.