Contrary to what you learned in kindergarten, sharing isn't always caring. In a Cloud Security Alliance survey, "Mitigating Risk for Cloud Applications," 59% of the 176 IT security leaders surveyed said they had experienced a cloud application security incident related to unwanted external sharing. Forty-seven percent reported a security incident stemming from unauthorized devices accessing cloud applications, and 32% encountered cloud application data syncing to a lost or stolen device.
For others, the broader challenges are just as overwhelming. When asked what their biggest day-to-day headache was when trying to protect cloud workloads, 35% of 570 cybersecurity and IT professionals said it was security's inability to keep up with the pace of change in applications, according to Cybersecurity Insiders' 2018 Cloud Security Report.
These are just a few common examples of cloud application security issues both enterprises and cloud providers must learn to anticipate and prevent. Domain 4 of the CCSP exam, entitled Cloud Application Security, covers important concepts and techniques for securing cloud software through every step of the software development lifecycle. This section of the test examines your understanding of secure software and the controls necessary for developing secure cloud environments and program interfaces. Candidates must be able to demonstrate their knowledge of identity and access management solutions for the cloud and the cloud application architecture. Domain 4 also covers data and application availability, integrity and confidentiality through cloud software assurance and validation.
This Security School, based on (ISC)² CCSP training material, covers the fundamentals of Domain 4 of the CCSP exam. Once you've reviewed the parts of this Security School on cloud application security, take the quiz to see how prepared you are for this portion of the exam.
View our Security School Course Catalog to view more schools.
CCSP® is a registered mark of (ISC)².
Cloud application security essentials
Like any other kind of software, cloud applications should have security baked in right from the start. Review these resources to learn more about the processes, architectures and techniques for enforcing cloud application security.
Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed. Continue Reading
Cloud providers may advertise their apps as secure, but it’s up to enterprises to validate those claims and confirm adherence to a secure development lifecycle. Continue Reading
Domain 4 of the CCSP exam covers the fundamentals of cloud application security. Take this practice quiz to see how well you've absorbed key concepts and vocabulary. Continue Reading