The Cloud Security Alliance (CSA) has released new guidance for the secure development of cloud applications
The CSA, a not-for-profit organization, will be working with the Software Assurance Forum for Excellence in Code (SAFECode) for the new initiative.
The partnership aims to provide practical secure development recommendations in the context of critical threats specific to cloud computing.
SAFECode and CSA partnered to determine whether additional software security guidance was needed to address unique threats to cloud computing, and if so, to identify specific security practices in the context of identified threats.
While the working group’s efforts confirmed that each practice identified by SAFECode as fundamental to software security applied equally to cloud software, it also identified additional practices that should be adopted by those developing software for the cloud, given the unique threats faced in that domain.
This new report represents the product of that collaboration and is intended to help readers better understand and implement best practices for secure cloud software development.
It offers practical secure development guidance in the areas of multi-tenancy, trusted compute pools, tokenization of sensitive data, data encryption and key management, authentication and identity management, shared-domain issues and securing APIs.