David Gitlin, Director of Technology, LoanLogics

I’m back with my second post myth busting common beliefs about the cloud. Part 1 discussed myths surrounding deployment and cost .  Today’s post focuses on our final three cloud myths surrounding security, development and scalability.

3. Myth: The Cloud is less secure then traditional hosting Or Cloud providers will be responsible for all aspects of data security
All these points are simply false. Large cloud companies such as Amazon and Microsoft have huge financial resources at their disposable, and can, and do hire the best security experts in the world. Experts that are available 24×7. Few companies or hosting services can afford this level of staffing. The size of the major cloud providers and the resources available to them also enable them partner with third party best of breed security providers. Also, cloud services are built with security baked in rather then bolted on afterwards. Further the cloud is capable of offering cloud native solutions for identity verification and user Sign-Up, Sign-In, and resource Access Control. AWS Cognito is one example of a cloud-native strategy for managing user verification and access rights. The cloud also provides mechanism to automate security tasks not generally available in other environments.

It is true that organizations are still responsible for locking down their own software. And failure to pay attention to security best practices when building or managing security can lead to security issues. Building cloud native software is not a panacea for not following security best practices. Development and DevOps teams are still responsible for securing their code, data access and ensuring that best practices are followed concerning managing users.

4. Myth: Cloud software development is just like development in standard hosting environments or there is nothing special to learn about software development for the cloud
No and No again! As stated above the cloud can be used like an old-fashioned hosting service in the same way you can ignore object-oriented principles and write a procedural application with an object-oriented language. You can, but what purpose would this serve? The impact of cloud computing on application development is itself a complex topic deserving of its own blog entry. The cloud offers unique services that are transformational and highly impactful on how software is developed, deployed, and used. Cloud native software that fully integrates these services is not the same as software developed for other traditional environments. In future blog entries we will explore the impact of the cloud on how software development is performed.