SECURITY FIRST FRAMEWORK
Mitra’s Security First Framework guides the design, build and operation of cloud based applications and systems so that they are as secure as it is possible to be, from inception to deployment and throughout in-life operation.
SECURITY FIRST FRAMEWORK
Mitra’s Security First Framework guides the design, build and operation of cloud based applications and systems so that they are as secure as it is possible to be, from inception to deployment and throughout in-life operation.
Why is a security framework for cloud application development important?
At Mitra we understand the challenges, and the heightened risks that cloud presents where underlying technologies, processes and services are being updated on a regular basis. In response to this, we specialise in designing, building and operating highly-secure cloud-native applications.
We work with customers during the design process to ensure security is treated the same way as QA and DevOps; that security is designed in from the outset, rather than something that is bolted on at the end. And moreover that the QA approach and the DevOps design are aligned towards security. As it is significantly less expensive to eliminate security issues during the design phase rather than at later stages in the software development life-cycle.
Why is a security framework for cloud application development important?
At Mitra we understand these challenges, and the heightened risks that cloud presents where underlying technologies, processes and services are being updated on a regular basis. In response to this, we specialise in designing, building and operating highly-secure cloud-native applications.
We work with customers during the design process to ensure security is treated the same way as QA and DevOps; that security is designed in from the outset, rather than something that is bolted on at the end. And moreover that the QA approach and the DevOps design are aligned towards security. As it is significantly less expensive to eliminate security issues during the design phase rather than at later stages in the software development life-cycle.
Cloud providers continually evolve their security best-practice guidelines, which have to be incorporated as a basic part of any application design. It can be hard for an organisation to keep up with every change. Because Mitra is working across multiple secure applications for various customers, it ensures that all applications benefit from the latest best practice approaches.
Modern cloud utilises infrastructure as code (IaC), where detailed sets of cloud provisioning instructions are defined as scripts, which are used to orchestrate how containers, processes and services are instantiated. This IaC can be treated the same as normal code, it can be versioned and validated well in advance of code ever being deployed, with test cases written to ensure any subsequent changes aren't going to weaken the application security.
During the build phase, we ensure that design principles are applied to code development, and apply the test patterns created during design to the code in development to assure it from a security standpoint.
Cloud providers continually evolve their security best-practice guidelines, which have to be incorporated as a basic part of any application design. It can be hard for an organisation to keep up with every change. Because Mitra is working across multiple secure applications for various customers, it ensures that all applications benefit from the latest best practice approaches.
Modern cloud utilises infrastructure as code (IaC), where detailed sets of cloud provisioning instructions are defined as scripts, which are used to orchestrate how containers, processes and services are instantiated. This IaC can be treated the same as normal code, it can be versioned and validated well in advance of code ever being deployed, with test cases written to ensure any subsequent changes aren't going to weaken the application security.
During the build phase, we ensure that design principles are applied to code development, and apply the test patterns created during design to the code in development to assure it from a security standpoint.
During the operating phase, various principles apply to mandating security. An example is where a process that has done its job is then torn down, so that any malignant activity is negated and a new instance is spun up when next required. While this should have already been mitigated at the design stage, additional layers of security testing can be applied to ensure that cloud components are being utilised appropriately and in accordance with the security design.
Mitra has a formal Security First Framework that it uses to ensure that any cloud applications it helps to design, develop or operate are highly-secure. Highly-secure means that there is security in depth, with multiple layers of protection, from very early in the design stage through to live operation. Security First Framework consists of several tools and approaches that are used to assure cloud applications security. This framework evolves over time, as new security issues are reported by security experts and new best practice approaches are promulgated by cloud platform providers, so that any application based around Mitra's Security First Framework is constantly up to date in terms of its security.
While it is not possible to be 100% secure, Mitra's Security First Framework maximises cloud application security.
During the operating phase, various principles apply to mandating security. An example is where a process that has done its job is then torn down, so that any malignant activity is negated and a new instance is spun up when next required. While this should have already been mitigated at the design stage, additional layers of security testing can be applied to ensure that cloud components are being utilised appropriately and in accordance with the security design.
Mitra has a formal Security First Framework (SFF) that it uses to ensure that any cloud applications it develops are highly-secure. Highly-secure means that there is security in depth, with multiple layers of protection, from very early in the design stage through to live operation. SFF consists of several tools and approaches that are used to assure cloud applications security. This framework evolves over time, as new security issues are reported by security experts and new best practice approaches are promulgated by cloud platform providers, so that any application based around Mitra's SFF is constantly up to date in terms of its security.
While it is not possible to be 100% secure, Mitra's SFF maximises cloud application security.
