Fortifywhite papers help cloud infrastructure providers and customers understand how to unlock the full benefits of the cloud through software security

05 July 2010

Fortify® Software's two new white papers, one business-oriented and one technical, intended to help cloud infrastructure providers and their customers understand how to unlock the full benefits of the cloud through software security.

The company also announced new capabilities in its Fortify 360 and Fortify on Demand products that include cloud-specific vulnerability analysis, the industry’s first software security Cloud Readiness Scorecard™, and remediation capabilities that enable teams not just to evaluate the readiness of their software for cloud environments, but to find and fix security vulnerabilities that could be caused specifically by a move to a cloud environment. The solutions are ideal for both enterprises and agencies that are considering a move to the cloud, and cloud providers that offer shared infrastructure services to clients.

“The shared nature of the cloud dramatically amplifies the need for software security,” said Brian Chess, Ph.D., Founder and Chief Scientist at Fortify Software. “Through an aggressive education campaign and our new product capabilities, we hope to make it easy for cloud providers and cloud consumers to understand and deploy secure software that can be trusted in any environment and unlock the full benefits of the cloud.”

In its report titled, “Security Guidance for Critical Areas of Focus in Cloud Computing” (Dec. 2009), the Cloud Security Alliance defined numerous benefits of the cloud: “Cloud enhances collaboration, agility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing.”

“To fully realize the benefits of cloud computing, customers must trust that infrastructure vulnerabilities – especially the software that cyber-threats target more and more – don’t compromise the cloud’s shared services or open new avenues for hackers to access private information or disrupt business processes,” said Dave Cullinane, Chairman of the Board and Co-Founder of the Cloud Security Alliance.

Fortify’s new business white paper, called “Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing”, is intended for anyone involved in evaluating a move to the cloud so that they understand and can address the unique software security risks of the cloud. The technical white paper, called “Software Security in the Cloud: A Technical Perspective”, is aimed at security practitioners and developers interested in gaining a deeper technical understanding of the vulnerabilities inherent to a cloud environment, and how to take action to mitigate these vulnerabilities.

The new cloud-specific capabilities in Fortify 360, an on-premise solution for Software Security Assurance, enables users to test for security issues specific to the cloud; produce a Cloud Readiness Scorecard, which rates an application from weak to strong depending on the number of minor or major fixes required before the application should be moved to the cloud; mitigate vulnerabilities; and then deploy applications safely within cloud environments.

Fortify on Demand, a set of hosted Software-as-a-Service (SaaS) solutions that allow any organization to test and score the security of all software with greater speed and accuracy, is the industry’s first SaaS-based software security solution to test for security issues specific to the cloud and to provide a Cloud Readiness Scorecard.

“Like immunizing themselves against infection, cloud providers can use Fortify 360 or Fortify on Demand to ensure that bad code introduced by one or more customers doesn’t contaminate their cloud offering. They can also create premium offerings around applications or infrastructure where software security has been rigorously applied,” said Chess. “For cloud consumers, our products can ensure that their code is secured and that they can trust their software before the move to this unique shared environment.”

“Capturing the New Frontier: How Software Security Unlocks the Power in Cloud Computing” and “Software Security in the Cloud: A Technical Perspective” are available via the Fortify web site.