Cloud technology is safe
As the use of digital solutions is increasing, the requirements for privacy and information security are also increasing. The threats are becoming larger and more complex. Should this stop organizations from extracting the value digital solutions provide? I say no.
Written by
Tormod Fjeldberg, Head of ALM
By using the correct tools and adapting how we think and work, the work of extracting value from digitization can continue while ensuring security.
Cloud technology is a very good and, in most situations, crucial tool for quickly establishing secure and cost-effective digital solutions. It is easy to use, but if it is not used correctly the solutions will not necessarily be secure or help reduce costs.
Secure from the design phase
Cloud technology vendors, such as our partner Microsoft, make comprehensive efforts to secure their solutions. It can be said that the "foundation" is well secured, but if the solution that uses these services does not have equivalent security, it can create a risk.
Therefore, security must have a high priority from the moment the solution is designed. The technical term for this is Security by Design.
Unfortunately, I have seen many project plans that do not assess the safety of the solution before it goes into production. This can cause a lot of extra work, and security challenges can rarely be solved with simple steps.

A culture of privacy and information security
In recent years, there has been an ever-increasing number of security threats, and vulnerable components of the code are often the target. Therefore, it is critical to comply with privacy and information security requirements. It is also important to raise awareness of this among everyone involved in developing the software.
Developing secure solutions is possible by acting both on how the application team works and thinks and by implementing tool support for controls.
Want to learn how? Feel free to contact me. The email address can be found at the bottom of the post.
Do you have control over the content of your code?
Just as privacy and information security are important, it is also business critical to ensure that the content of the code is known and controlled.
By assessing the vulnerability of a specific functionality in a solution early, and ensuring that the developers have clear guidelines for building the application, you have a secure crash barrier.
Tormod Fjeldberg
Head of ALM
To provide control over which source code, libraries or other components have been used in the development of the solution, the build step in the DevOps process must include an automated review (scanning) of the code. Then you build a Software Bill of Materials (SBOM), which is simply a table of contents for the software components the solution consists of.
It is recommended that this be checked automatically as part of the build process. For a mature solution that is not subject to continuous change, it is also important that this type of inspection is performed regularly, as new vulnerabilities in components can be identified. This can be done manually, but then you must be sure that everyone follows the manual processes, and this reduces the security of the solution.
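The automated check described above can be sketched as a small build gate. This is an added example, not code from the author or from any vendor tool: it assumes a CycloneDX-style JSON SBOM, and the component names, advisory feeds, `EXAMPLE-ADV` identifiers and the function names `audit` and `gate` are all constructed for illustration. It shows why an unchanged solution still needs regular re-inspection: the same SBOM passes against the feed at release time and fails once a later advisory appears.

```python
import json

# Constructed CycloneDX-style SBOM, as a build step might emit it.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"type": "library", "name": "examplelib", "version": "1.4.2",
   "purl": "pkg:pypi/examplelib@1.4.2"},
  {"type": "library", "name": "samplehttp", "version": "2.0.0",
   "purl": "pkg:pypi/samplehttp@2.0.0"},
  {"type": "library", "name": "vendored-blob"}
 ]}
"""

# Constructed advisory feeds: package -> [(placeholder id, first fixed version)].
FEED_AT_RELEASE = {"pkg:pypi/samplehttp": [("EXAMPLE-ADV-0001", "1.9.0")]}
FEED_LATER = {**FEED_AT_RELEASE, "pkg:pypi/examplelib": [("EXAMPLE-ADV-0002", "1.5.0")]}


def _ver(text):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit(sbom_text, feed):
    """Return (findings, unidentified) for one SBOM against one feed."""
    findings, unidentified = [], []
    for comp in json.loads(sbom_text).get("components", []):
        purl, version = comp.get("purl"), comp.get("version")
        if not purl or not version:
            # A component without identity cannot be checked: report it.
            unidentified.append(comp.get("name", "<unnamed>"))
            continue
        package = purl.split("@", 1)[0]
        for adv_id, fixed_in in feed.get(package, []):
            if _ver(version) < _ver(fixed_in):
                findings.append((comp["name"], version, adv_id, fixed_in))
    return findings, unidentified


def gate(sbom_text, feed):
    """Exit status for a pipeline step: 0 = pass, 1 = fail the build."""
    findings, _ = audit(sbom_text, feed)
    return 1 if findings else 0


if __name__ == "__main__":
    for label, feed in (("release", FEED_AT_RELEASE), ("later", FEED_LATER)):
        print(label, audit(SBOM_JSON, feed), "exit", gate(SBOM_JSON, feed))
```

Run on a schedule against a refreshed feed, the same gate covers the mature solution whose code no longer changes; the `unidentified` list surfaces components the SBOM cannot account for.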
Anyone can establish cloud solutions, but access to competence and experience is essential for the establishment to be done in a way that ensures stability, security and cost-effectiveness.
Want to learn more about cloud security? Contact us!