Without properly understood, well-documented, and tracked software requirements, one cannot expect the software to function without failure or to meet expectations. Software development projects that lack security requirements can potentially suffer from the threats to confidentiality, integrity and availability.
Properly defining and documenting Security and Privacy requirements makes the measurement of security objectives or goals once the software is ready for release or accepted for deployment.
InterSec has deep understanding and experience of Cloud Security requirements based on our work at USDA-NRCS. We helped client develop customized Cloud Security Requirements based on NIST 800-53 Rev4 and FedRAMP with RACI matrix to significantly ease cloud adoption.
Cloud Security Architecture and Design
One of the most important phases in the systems development life cycle (SDLC) is the architecture and design phase. During this phase, system specifications are translated into architectural blueprints that can be coded during the coding phase that follows.
Attack surface evaluation using threat models and misuse case modeling, control identification, and prioritization based on risk to the business or mission are all essential software assurance processes.
We have assisted DoD and USDA-NRCS with security architecture and desgin for cloud hosted applications in IAAS and PAAS cloud deployment models.
Cloud Data Security
Data security is a core element of cloud security. Cloud Service Providers will
often share the responsibility for security with the customer.
The data life cycle guidance provides a framework to map relevant use cases
for data access, while assisting in the development of appropriate controls within
each life cycle stage.