Microsoft supports secure cloud and agile programming

Microsoft offers guidance for cloud application security

Microsoft’s Trustworthy Computing Group (TCG) has published guidance on how to enhance the security development lifecycle (SDL) process for cloud computing applications and services. The guidelines are released just ahead of the launch of Microsoft's web version of its Office tools.

SDL is a software security assurance process and it is applied to everything from a new Windows version to a release of SQL Server or Office.

The company also published a guide to agile programming methodologies - a rapid way of delivering high quality applications.

“This guidance is primarily focused on web service application development,” said Steve Lipner, Microsoft TCG senior director of security engineering strategy.

“The guidance aims to show how security interfaces with cloud computing. For example, if you’re building an application that’s hosted in the cloud, SDL is key to the build of such applications."

Lipner said that the three stakeholders in cloud computing were customers - comprising businesses and government - who wanted secure access to secured data; application providers who create the cloud services; and the cloud providers who set up secure infrastructures for the application providers.

Lipner also emphasised the importance of compliance to Microsoft's cloud provision.

“At Microsoft we were given ISO 27001 certification for our operational and infrastructure cloud processes – this is an important international standard,” he said.

SDL was an outgrowth of Microsoft’s TCG. It was launched in 2002 and formalised in 2004, with a set of specific requirements for the TCG teams with regard to the software development process. SDL has seen six releases since launch.