SDL - Now for Cloud and Agile Development


    With a growing number of business customers choosing the cloud, the client, or both as their computing environment, security guidance has to keep pace. Since security and privacy are the key concerns shaping that choice, software vendors have an opportunity to show customers that web applications running in the cloud can operate securely and reliably.

    Microsoft has taken a number of steps to make its security expertise available to a broad range of developers. These include process guidance, the SDL Optimization Model, and the SDL Threat Modeling Tool. Together with subsequent releases of the SDL, its tools, guides, and technologies, they allow software developers and vendor partners to build the required level of security into their applications and to give their users a more trustworthy computing environment.

    At a conference in Berlin, Germany, Microsoft recently announced two new SDL resources:

    Security Considerations for Client and Cloud Applications. Download the SDL team's paper, which discusses client and cloud applications and the steps Microsoft has taken to evolve the SDL to address their security issues.

    SDL 4.1a, an expanded version that includes the SDL for Agile Development process. Download the latest SDL process guidance, which now contains an SDL-Agile chapter: a clear approach that combines Agile methods with security. The complete and, at the same time, flexible SDL-Agile guidance includes all SDL requirements and adds guidance on how to apply them in very short iteration cycles.

    Let us briefly look at each of them.

    Security Considerations for Client and Cloud Applications

    While vendors discuss the cloud as a computing environment, customers worry about how information security will be ensured. In an online survey of IT Pros in September 2009, about 51% of respondents rated information security as the main barrier to adopting the cloud.

    When considering security issues for client and cloud applications, Microsoft looks at security from the perspective of an organization that is considering hosting its applications in the cloud.


    At a high level, if you intend to host your application in the cloud, you should ask questions in two main security areas:

    · Security requirements and compliance. If you have such requirements, what must the provider do to ensure the required level of security for your software when it is hosted in the cloud? What has the provider already done to meet those requirements?

    · Security features and level of service. Different providers offer different security features (for example, support for specific types of authentication) and different levels of security service in their SLAs. Study the details so that you know exactly which services they will provide you from a security perspective.

    Developing software for the cloud, just like for the client, needs a structured security development process such as the SDL. Whatever the hosting model, make sure you apply one to your applications.

    SDL for Agile development

    You are not alone if you use an Agile development process. Agile methods are increasingly chosen by software vendors around the world. According to an independent report by Forrester, 85% of IT professionals surveyed have either just adopted, or are already using, Agile methods in their development.

    Note: If you are not already familiar with Agile development and would like to know more, you can read about it on Wikipedia, which defines it as:

    Agile software development refers to a group of iterative software development methodologies in which requirements and solutions evolve through collaboration between self-organizing, cross-functional teams. The term was coined in 2001 when the Agile Manifesto was formulated.

    Also noteworthy: early Agile methods include Scrum (1995), Crystal Clear, Extreme Programming (1996), Adaptive Software Development, Feature Driven Development, and the Dynamic Systems Development Method (DSDM) (1995). After the publication of the Agile Manifesto in 2001, they came to be referred to collectively as Agile methodologies.

    On the SDL blog, Bryan Sullivan gives an excellent description of the team's approach to the task of taking the SDL requirements and processes and transforming the guidance into a framework suited to Agile development, one that can be applied flexibly to both long and short Agile projects. Here is a short summary of his post.

    When you look at the SDL and lay it out in phases, you see that it was originally designed to fit into the spiral product development process Microsoft uses to develop Windows and its other business products. Although there are many differences between spiral methods and Agile methods, the main ones for me are:

    · Agile methods do not have clearly defined phases

    · Agile release cycles are usually much shorter, in some cases only one or two weeks


    Because of these differences, SDL-Agile divides the SDL requirements into three categories: every-sprint requirements, which are so important that they must be completed in every iteration; one-time requirements, which must be completed once during the project regardless of its duration; and bucket requirements, which must be completed regularly but are not so critical that they have to be done in every iteration.

    Threat modeling is a good example: a team could spend an entire week threat modeling, but that is not necessarily the best use of its time. SDL-Agile gives guidance on how a team can spend an appropriate amount of time modeling the new features of each sprint, and on how to build a baseline threat model for the existing functionality.
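    To make the three categories concrete, here is an added example (not Microsoft's code, nor anything from the SDL guidance itself) of a small sprint-compliance checker built on that split. The requirement names, the rule that at least one item from every bucket must be completed each sprint, the "stale bucket item" window and the sample sprint data are all assumptions made for the illustration; threat modeling appears in two places, as an every-sprint item for new features and as a one-time baseline item for existing functionality, matching the text above.

```python
"""Sprint-by-sprint check of SDL-Agile style requirement categories.

Added illustration only: requirement ids, the per-bucket rule and the
staleness window are this example's assumptions, not official SDL content.
"""
from dataclasses import dataclass

# Assumed requirement ids, loosely shaped after SDL tasks (not an official list).
EVERY_SPRINT = {
    "threat-model-new-features",   # model what this sprint adds
    "run-static-analysis",
    "triage-security-bugs",
}
ONE_TIME = {
    "baseline-threat-model",       # model pre-existing functionality once
    "security-response-plan",
}
BUCKETS = {
    "verification": {"fuzz-parsers", "review-pentest-findings"},
    "design-review": {"crypto-review", "privilege-review"},
    "response-planning": {"update-contacts", "verify-bug-bar"},
}
# Assumed policy: a bucket item untouched for this many consecutive sprints is
# reported, so a bucket cannot be satisfied by repeating one cheap item forever.
STALE_AFTER = 3


@dataclass
class Sprint:
    number: int
    completed: frozenset  # requirement ids finished in this sprint


def check_sprint(sprint):
    """Every-sprint rule and one-item-per-bucket rule for a single sprint."""
    findings = []
    missing = EVERY_SPRINT - sprint.completed
    if missing:
        findings.append(
            f"sprint {sprint.number}: every-sprint requirements not done: {sorted(missing)}")
    for bucket, items in BUCKETS.items():
        if not (items & sprint.completed):
            findings.append(f"sprint {sprint.number}: no '{bucket}' bucket item completed")
    known = EVERY_SPRINT | ONE_TIME | set().union(*BUCKETS.values())
    unknown = sprint.completed - known
    if unknown:
        findings.append(f"sprint {sprint.number}: unrecognised requirement ids: {sorted(unknown)}")
    return findings


def check_project(sprints, release=False):
    """Per-sprint checks, stale bucket items, and the one-time requirements.

    With release=True a missing one-time requirement is reported as blocking,
    since those must be finished once before the project ships.
    """
    sprints = sorted(sprints, key=lambda s: s.number)
    findings = []
    for s in sprints:
        findings.extend(check_sprint(s))

    # Count trailing sprints in which each bucket item was not completed.
    if len(sprints) >= STALE_AFTER:
        for bucket, items in BUCKETS.items():
            for item in sorted(items):
                gap = 0
                for s in reversed(sprints):
                    if item in s.completed:
                        break
                    gap += 1
                if gap >= STALE_AFTER:
                    findings.append(
                        f"bucket '{bucket}': '{item}' not completed in the last {gap} sprints")

    done_once = set().union(*(s.completed for s in sprints))
    for req in sorted(ONE_TIME - done_once):
        status = "release blocked" if release else "open"
        findings.append(f"one-time requirement '{req}' never completed ({status})")
    return findings


# Constructed sample data: sprint 2 skips static analysis and the whole
# design-review bucket, and the baseline threat model is never produced.
SAMPLE_SPRINTS = [
    Sprint(1, frozenset({"threat-model-new-features", "run-static-analysis",
                         "triage-security-bugs", "fuzz-parsers", "crypto-review",
                         "update-contacts", "security-response-plan"})),
    Sprint(2, frozenset({"threat-model-new-features", "triage-security-bugs",
                         "fuzz-parsers", "update-contacts"})),
    Sprint(3, frozenset({"threat-model-new-features", "run-static-analysis",
                         "triage-security-bugs", "fuzz-parsers", "privilege-review",
                         "update-contacts"})),
]

if __name__ == "__main__":
    for line in check_project(SAMPLE_SPRINTS, release=True):
        print(line)
```

    Run against the sample data, the checker reports the two gaps in sprint 2, the two bucket items that no sprint has exercised, and the missing baseline threat model as a release blocker. The point of the structure is that each category gets a different kind of check: a hard per-sprint gate, a rotation check over a window, and a once-before-release gate.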

    For the complete SDL-Agile guidance, download SDL 4.1a, the expanded version that includes the Agile process, and read the new sections on Agile development.

    Concluding observations

    As computing technology evolves, Microsoft continues to invest in the fundamentals of security and privacy, offering developers guidance, documents, and technologies for both client and cloud applications. The release of SDL-Agile, together with the security paper for cloud applications, shows that Microsoft is working to keep pace with the times and, ultimately, to make online computing more trustworthy.
