5 Security Skills Every Cloud App Developer Should Have
Talented cloud application developers are in high demand, but to build secure applications that protect their employer (and job), they need this vital expertise in cloud and server security.
The cloud brings enterprise-grade infrastructure within reach of every application developer. High-quality databases, frameworks, and tooling are freely available, making it easier than ever before to build powerful, custom applications. But building an app and securing it are not the same thing. Developers must also have a solid understanding of the security issues their app is likely to face.
Here are 5 skill sets developers need to build secure, cloud-based applications:
Cloud Identity Management & Authentication
Security is a top priority for cloud platforms, and the infrastructure layer – the underlying physical hardware and virtualization software that makes the cloud possible – is unlikely to present a problem. No major data leak has been ascribed to cloud infrastructure itself.
However, the authentication layer can be a weak point if it isn’t properly understood and managed. Problems with authentication range from poorly chosen passwords to private keys that are uploaded to version control platforms to misconfigured security permissions. As you can see from this list of infamous cloud data breaches, most were in fact caused by issues related to authentication.
Developers must understand the security model of the cloud platform and any associated risks. Expertise in Identity and Access Management (IAM) for the cloud is a highly marketable skill, especially with regard to cloud identity management systems and, in the wake of GDPR, experience of compliance issues as they relate to IAM.
Information Security Management
An understanding of information security management is an essential skill. Developers are often over-confident about their understanding of cyber security issues, and an information security certification reassures businesses that they are hiring someone who has a firm grasp on the risks.
Certifications such as the Certificate of Cloud Security Knowledge (CCSK), which validates expertise in areas like cloud architecture, governance, encryption, and compliance, and the Certified Information Systems Security Professional (CISSP), which covers a range of cloud security topics such as information management and identity management, give businesses confidence that developers are able to implement their security goals.
Database Configuration
Many of the worst data thefts in recent years were the result of insecure databases running on cloud servers. Some of the most popular databases, MongoDB and the memcached key-value store in particular, are insecure by default. Inexperienced developers deploy them without the necessary security configurations and inadvertently make sensitive data available to anyone with an internet connection.
If you work with a database, make sure you understand its default configuration and how to secure it for production use. Other valuable database skills for cloud app developers include knowledge of SQL and NoSQL databases, and particularly cloud databases such as Google’s Firebase.
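Added example (not from the original article): a Python check for the deployment mistake described above, applied to a MongoDB mongod.conf. It flags a listener bound beyond loopback and access control that is not enabled. The sample configuration is constructed, and the parser assumes the file uses only nested key: value YAML.

```python
import ipaddress

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_MONGOD_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
# security:
#   authorization: enabled
"""

def flatten_yaml(text):
    """Flatten simple nested 'key: value' YAML (assumed layout) into dotted keys."""
    stack, flat = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:   # leave deeper or sibling sections
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip("'\"")
        else:
            stack.append((indent, key))           # section header such as 'net:'
    return flat

def exposed(addresses):
    """True if any comma-separated listen address is not local to the host."""
    def local(a):
        try:
            return ipaddress.ip_address(a).is_loopback
        except ValueError:                        # hostname or Unix socket path
            return a == "localhost" or a.startswith("/")
    return not all(local(a.strip()) for a in addresses.split(","))

def audit_mongod(conf_text):
    """Return a list of findings for one mongod.conf; empty means both checks pass."""
    conf, findings = flatten_yaml(conf_text), []
    bind = conf.get("net.bindIp")
    if bind is None:
        findings.append("net.bindIp not set: listen address depends on the version default")
    elif exposed(bind):
        findings.append("net.bindIp includes a non-loopback address")
    if conf.get("security.authorization") != "enabled":
        findings.append("security.authorization is not enabled")
    return findings
```

Calling audit_mongod(SAMPLE_MONGOD_CONF) returns two findings; a file that binds only to loopback and sets security.authorization to enabled returns none.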
Basic System Administration Skills
Application development and system administration are different roles with different skill sets. Most software engineers and developers have some system administration experience, but it may be just enough to get them into trouble. An insecure server with an inadequate firewall configuration, poorly configured services, or out-of-date software is a liability.
Developers who are expected to manage cloud servers should develop a familiarity with the latest operating system and server administration best practices.
In-Depth Understanding Of The OWASP Top Ten
In addition to excellent web security guides, The Open Web Application Security Project (OWASP) publishes a yearly round-up of the most common security threats to web applications. The 2017 list includes injection attacks, security misconfiguration, cross-site scripting, and insufficient logging.
A cloud application developer should have an understanding of each risk, the mechanism by which it works, and how to build apps that aren’t vulnerable in their preferred programming languages and web frameworks.
Businesses from startups to Fortune 500 enterprises are on a hiring spree for software developers to build cloud-based applications. As a lack of expertise in cloud security is partially to blame for the recent litany of high profile data breaches, those app developers with the right combination of cloud computing and cyber security skills will reap the greatest rewards as this space continues to grow.