Optimization of Security as an Enabler for Cloud Services and Applications

Abstract

The advent of cloud computing has created a paradigm shift in how people around the world communicate and do business. Its inbuilt characteristics have empowered companies to build cutting edge solutions that bring us all together than we ever were before. Cloud computing provides avenues to use storage and computing resources in metered basis to provide optimized virtual infrastructure for service providers to prosper. Service providers can concentrate on building technology rather than worrying about the infrastructure and the platform for service hosting or server maintenance. Amount of information being shared and exchanged by users is growing exponentially by the passing of each hour. People around the globe have openly embraced the era of information technology, and almost unknowingly, it has become an essential part of everyday life. In this context, securing our digital life by enabling cloud applications to perform at its fullest is of prime importance. Security engineering community is continuously optimizing security standards, tools and practices to achieve this. This chapter throws light into such methods and technologies that form the Digital Guardians of our Connected World! In any discussion related to optimization of Cloud Security, it is important to recognize the current market and research trends. This chapter adopts a case study based approach to understand the current scenario and best practices with respect to Cloud Security. We discuss the overall security objectives and challenges that developers and cloud service vendors face during life cycle of Cloud software applications. Topics related to Cloud software quality assurance including cloud penetration testing are dealt with religiously in the chapter. We then propose certain tools and techniques which would help any developer or cloud security enthusiast to understand how to secure any application to make it cloud ready. This is very important; especially, with the growing complexity of web application threats. Hence, we have dedicated a section of this chapter to identify and mitigate security loopholes in the applications in a smart and focused manner.