Fortify announced new capabilities in its Fortify 360 and Fortify on Demand products that include cloud-specific vulnerability analysis, a software security Cloud Readiness Scorecard, and remediation capabilities that enable teams to not just evaluate the readiness of their software for cloud environments, but to find and fix security vulnerabilities that could be caused specifically by a move to a cloud environment.
The company also published a new white paper that helps explain the risks associated with moving applications into the cloud and the process for "preparing" software before moving it into a cloud environment. A more technical paper will be published next month, the company says.
The move to cloud computing might not necessarily introduce new vulnerabilities into current applications, but because many applications were not originally written for shared environments, they should get a new level of review before rolling them out in the cloud, says Brian Chess, founder and chief scientist at Fortify.
"In many cases, moving to the cloud challenges some of the assumptions that were made when the application was written," Chess says.
For example, some applications assume the use of an internal DNS system, but the cloud environment might use the broader Internet, increasing the chances of exposure to DNS poisoning, Chess observes. Similarly, some applications still rely on Telnet, a protocol that assumes firewall protection that might not exist in the cloud, he notes.
"To fully realize the benefits of cloud computing, customers must trust that infrastructure vulnerabilities -- especially the software that cyberthreats target more and more -- don't compromise the cloud's shared services or open new avenues for hackers to access private information or disrupt business processes," says Dave Cullinane, chairman of the board and co-founder of the Cloud Security Alliance.
The new cloud-specific capabilities in Fortify 360, an on-premise solution for Software Security Assurance, enable users to test for security issues specific to the cloud; produce a Cloud Readiness Scorecard, which rates an application from weak to strong depending on the number of minor or major fixes required before the application should be moved to the cloud; mitigate vulnerabilities; and then deploy applications safely within cloud environments, Fortify says.
Fortify on Demand, a set of hosted software-as-a-service (SaaS) solutions that allow organizations to test and score the security of all software with greater speed and accuracy, tests for security issues specific to the cloud and provides a Cloud Readiness Scorecard, Fortify says.
The new cloud capabilities, including the Cloud Readiness Scorecard, will be generally available in Fortify 360 and Fortify on Demand later this quarter.