Search Hashnode

Search posts, tags, users, and pages

Comment by Brandon on "Is concern necessary about security in applications that run on AWS, Azure or Google Cloud?" | Hashnode

Thread

Brandon

Frontend Developer

Mar 9, 2018

The same amount is needed as on any other non-cloud platform.

The first things which come to mind are roles/permissions, AV, database injection, ddos, resource monitoring (limiting server costs), private ssh keys, https vs http, VPN / NAT / routing, etc.

The cloud platforms often have tools to help mitigate these things but they aren't necessarily on by default and you still have to monitor and build a secure app.

It's pretty easy for a burglar to enter your house if you leave the door open.

Bruno Anken

Software/Computer Engineer

Mar 14, 2018

Thanks for the answer! And a very nice phrase to end the lesson. Cool! Do you think things like these could be achieved only by the development team or a security team would also be needed to make sure the application is safe?

I think a development team can be sufficient provided they at least know basics about security. If you're unsure then you can always hire a security consultant to do an audit or provide your developers with security training. The important thing is that management must value security and not do anything to compromise development using good security practices.

Brandon

Frontend Developer

Mar 14, 2018