Security is one of the most urgent IT issues for ISVs (Independent Software Vendors) today. As more and more applications, data and users are migrated from the on-premise data centre to the cloud, the vulnerabilities increase. How does cloud security differ from traditional on-premise security and what does this mean for ISVs?
This blog describes two areas of particular importance to ISVs: infrastructure and application development.
The first difference is the way infrastructure is secured. On the servers in your own data centre, you are responsible for implementing all the right security measures for the systems and data. However, it is also your challenging task to manage and update the environment and respond to threats or attacks; nowadays a daily job.
Therefore, it is much more beneficial – especially for small and medium-sized ISVs – to use infrastructure from the cloud. The economies of scale and specialized teams of cloud providers offer a level of infra security that goes far beyond what most ordinary companies can offer in terms of money, skills and resources. Think: specialized, 24/7 security teams, back-up and disaster recovery, large-scale automation, use of AI and machine learning, and more.
Another major difference lies in application development. In traditional development, writing the code and securing the application are different processes with separate, often siloed teams. In addition to being a lengthy process, this method often means more bugs and misconfigurations on release and therefore more vulnerabilities.
But now there is the cloud. More and more ISVs are developing their web or mobile apps directly in the cloud, using all the technology, best practices and tools available there. DevOps is the standard for developing applications, with short pieces of code as microservices and Kubernetes as the orchestration platform to deploy them.
The difference with on-prem development is twofold. Firstly, security issues and possible cyber threats are anticipated in advance and included in the code. Secondly, shorter development cycles with smaller code components means that bugs are discovered much more quickly. In parallel, later security updates of small pieces of code have far less impact on the whole application than in traditional development.
What does this mean for ISVs? Some ISVs are already working fully in the cloud, but the majority are taking the first steps in migration, with some workloads in the cloud and some on premises in a hybrid environment.
They will soon notice the benefits for their business in, for example, patch management, compliance, MFA, automated roles. However, many will also experience a knowledge gap; that's only natural with such a big change. Don't let that put you off; find the help you need to get you started. Online or with a specialist partner. There is a variety of webinars, workshops, assessments, best practices and hands-on advice waiting for you and your business future.
The cloud brings a raft of new security tools, techniques and best practices for ISVs to protect their software, data and users. We at Insight have been working with partners like you across Europe for many years, providing valuable time, knowledge and support in many (hybrid) cloud scenarios.
Contact one of our cloud specialists to find out how we can support you in optimizing your cloud costs in line with your business goals, whether you are designing your first workloads in the cloud or work entirely cloud-based.
This article is part of a series of articles based on Microsoft’s WAF (Well-Architected Framework), where you find much more helpful guidance. WAF improves the quality of workloads operating in the cloud by focusing on a set of common architecture principles, including cost optimization, operational excellence, performance efficiency, reliability and security.
As a multi-vendor software licensing, workload and platform specialist, we can guide you through all stages of your strategic cloud journey with a series of workshops, assessments, services and best practices. From the first exploration of cloud or hybrid opportunities and benefits to support and optimization after migration. No matter where you are in your journey, we help you to find new ways forward and accelerate your business.