Developing Secure Applications for the Cloud

By Scott Fitzpatrick

When it comes to utilizing a cloud platform for your application, security is of the utmost importance. Security starts with developers, who should tailor their application security practices and strategies to the type of environment their application will be deployed in. Secure development practices can mean the difference between resting easily each night knowing your application protects the consumer data with which you’ve been entrusted, or dealing with the constant threat of a data breach that would keep any good developer on edge.

This article highlights best practices for secure development of applications that will be deployed in a public cloud such as Alibaba Cloud (where you can take advantage of a $300 credit if you’d like to get started with deploying applications to the cloud).

The Art of Protecting Consumer Data

Encrypting data for an application that is deployed to a cloud platform presents new challenges for the development team, as the situation differs greatly from the data encryption scenarios they may be accustomed to. When an application does not utilize a public cloud environment (i.e., when it runs on-premises or in a private cloud), the data being encrypted is stored on a server to which the DevOps organization typically has full access and control. This is not the scenario that plays out when an application uses a cloud platform. Therefore, it is important for the development team to take some precautions to ensure that the sensitive data employed by the application is adequately protected.

One potential solution (that is often considered a best practice) is to ensure that data is protected through the use of client-side encryption when using a cloud platform. Client-side encryption is an extremely effective tactic for ensuring that data is protected as it is transmitted. This encryption practice is a form of asymmetric data encryption, where the data being sent to the remote server is encrypted prior to it being transmitted. The basic tenets of the strategy are as follows:

● Each time data is uploaded, a public key is used to encrypt the data prior to the data being transmitted to the remote server.
● The encrypted data is then stored on the cloud platform with no reference to the plain-text data.
● When downloading an object, the encrypted data is downloaded, and a private key is utilized to decrypt the encrypted object so that the plain-text data can again be viewed in its original form.

As you can see, this secure development practice provides several benefits. First, the cloud platform maintains no reference to the plain-text data. Thus, the development team can rest assured that the platform’s servers (over which they maintain no real control) are not a concern in terms of security from a data loss standpoint as the data rests on the remote server. The other main benefit is the protection of data in transit. At no point is plain-text data being transmitted to the cloud platform, eliminating the concern over data leakage.
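
The upload and download steps above, as an added example that is not part of the original article, written with Node.js's built-in crypto module. It goes one step beyond the text by using envelope encryption: the public key wraps a per-object AES-256-GCM data key, because RSA cannot directly encrypt an object larger than its key size. The function names, the Map standing in for the cloud bucket, and the sample record are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side, before upload: a fresh AES-256-GCM data key encrypts the object,
// then the public key wraps (encrypts) that data key.
function sealForUpload(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12); // unique per object
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    nonce,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Client side, after download: the private key unwraps the data key, and the
// GCM tag check throws if the stored object was altered.
function openAfterDownload(privateKey, envelope) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Constructed demo: a Map stands in for the cloud bucket (hypothetical, no SDK).
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const bucket = new Map();
  const record = Buffer.from('{"customer":"constructed-sample","note":"not real data"}');
  bucket.set('records/1', sealForUpload(publicKey, record));

  const stored = bucket.get('records/1');
  const leaked = stored.ciphertext.includes('constructed-sample'); // plaintext visible to platform?
  const roundTrip = openAfterDownload(privateKey, stored).equals(record);

  stored.ciphertext[0] ^= 0x01; // simulate modification of the object at rest
  let tamperRejected = false;
  try { openAfterDownload(privateKey, stored); } catch { tamperRejected = true; }
  return { leaked, roundTrip, tamperRejected };
}

console.log(demo());
```

In a real deployment the private key is generated and held outside the cloud platform; it is created inline here only so the example runs on its own.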

Proper Use of APIs

Alibaba Cloud’s Security Products

Server Guard: A monitoring service that automatically detects intrusions in applications running on Alibaba Cloud.
Anti-DDoS: A service for protecting against Distributed-Denial-of-Service (DDoS) attacks, which can make cloud-based applications inaccessible for users.
Web Application Firewall (WAF): A firewall that cloud admins can use to protect applications and services running in Alibaba Cloud, and automatically disarm attacks based on machine learning.

These services provide the protections that organizations need to mitigate security threats against applications deployed in the cloud.


In today’s climate, where the importance of data security is at an all-time high, simply utilizing an encryption strategy such as client-side encryption can make all the difference in ensuring that a data breach doesn’t occur on your watch. Combine this with careful development to establish proper usage of the API provided by the cloud platform you are using, and you are well on your way to secure development in the cloud.

