Developers, the Cloud and Security Concerns

Thought Provoking Survey

So I got to thinking about security and how this relates to developers in particular. This was prompted by a recent read of the findings reported in a survey, “2014: The Year of Encryption” conducted by Egress Software Technologies, of delegates at Europe’s largest information security event Infosecurity Europe 2014. And you know the first and almost overwhelming thought that struck me was how important security should be for these folk. Why? Because by the very nature of their work the information they will be storing, sharing or exchanging will be proprietary and possibly ground breaking. Developers bring new products to market in a very competitive world where keeping one’s secrets secret until the very last moment before publishing can mean the difference to your market lead and thus your ultimate success.

2014 Market Survey Infographic

Market survey 2014: The Year of Encryption

Obvious Risk But…

An obvious observation you would think but then when you read that; “only 17% of those surveyed said their existing secure information sharing system was easy to use” and even more worryingly; “100% of those not interested is security systems admitted to regularly sharing sensitive/confidential data with external third parties”. I wonder if these figures stack-up when applied to developers as a community? I have no research data to refer to here but relying on my twenty plus years experience of working in the IT security arena I would not be surprised if they did.

The Basics

As with most things in this life you can distil security down to the core basic requirements and thereby be sure you are concentrating your effort to find the correct solution for your given situation. When it comes to shared information for the development community my take on it would be something like this:

  • Transfers between team member and the rest of the team
  • Latest version source code
  • Transfers between testing team and development
  • Stored latest beta code

Your view would obviously be different dependant on your circumstances but hopefully you get the idea I’m driving at.

Follow the Data Security

The crucial thing here is the release of information to specific people or groups of people with confidence that only those people and groups can access that information. Additionally you would want to know that these various end points of distribution could not compromise the security by passing on this information in an insecure way to unauthorised people or groups. In other words you would want the security “envelope” to be wrapped around the data and travel with it throughout it’s lifetime. By adopting this “follow the data model” where the secure envelope travels with the data throughout it’s lifetime we have further distilled the core element to one of access control to each data package.

Sounds Complicated

This is all very good stuff but it’s beginning to sound terribly complicated I hear you say. Well that is dependent on the underlying security architecture. It is imperative that the security you adopt is simple and fast to use with maybe no more than one or two extra clicks of the mouse. The focus is sharper still and the distilled core now looks more like this:

  • Follow the Data Security
  • Ease of use

We’re not going to be able to get much sharper than this, so the next step is to review our understanding of the gains to be made by adopting this approach and then to ask can such a system be easily integrated with our legacy systems since cost will also be an issue when asking management for the go ahead.

The Gains that You Win

To measure the gains that you win when adopting a system of follow the data security can best be expressed by a few examples:

We can all imagine the situation where we pass sensitive information to an authorised member of the team who then without thinking forwards this to a third party for either legitimate reasons connected with their job function or should they deliberately passes on the data to deliberately compromise the project. In both cases the data owner will be requested to grant access to this new person.

Or how about the authorised member of the team that has access to the data but subsequently leaves the team. Should they continue to have that access right? With the follow the data security model you can revoke that person’s access rights in real time.

Follow the data security can be used to control access to that data by event, time or date for instance coupled that with a person’s access rights and you have an amazing level of control over the release or access to your shared data.

Follow the data security is there independently of the transport mechanism or for that matter the storage medium.

Follow the data security by its very nature provides an audit trail of who did what to it where and when and what unauthorised attempts to access it were made, also where and when will be recorded.

You can begin to see how flexible this type of system can be, but is it possible and can it be integrated into the way we work and our current architecture?

Describing the Model

For follow the data security to work and work every time it requires that the data owner/creator defines the security to be applied. Such factors as who will be granted access, when is access to be granted are there any time constraints regarding when and for how long.

It’s a given that the underlying tool being used to envelop and secure the data will be encryption. I don’t intend to discuss encryption in any depth here but suffice to say that it must be robust encryption that has been securely implemented and independently certified as fit for purpose. There are few better places to get approval from than the UK Government’s Certified Product Assurance (CPA) programme led by CESG. Adopting a product whose encryption module has been approved through this scheme gives the user the comfort that the product “does what it say on the tin”.


There is absolutely no reason why this type of system could not be inserted into most existing work processes with minimum fuss. When you send email, use file transfer protocols, copy to removable media a rule-based system could kick in and automatically add the encryption layer and ask for the recipients list. By linking the public/private key encryption to the individuals email address it guarantees this unique entity would be the authorised recipient. In this way there is no need for the user to be concerned about key pairs etc. The whole complicated issue of encryption is hidden from the user experience and as a consequence it makes for extreme ease of use.

Securing the Cloud

Hopefully you will see how by adopting follow the data security it has the effect of securing the Cloud. It adds further security by the fact that each data package could have it’s own unique key pair still associated the sender and receiver’s email addresses by different for each exchange made. How does this improve security? It means that should one exchange be compromised it does not affect any previous or subsequent exchange. Each exchange has to be broken or compromised independently.

Follow the data security is the way forward! If you want further information about products certified by CESG visit and for information about Egress Switch large file transfer and file encryption software visit:

By Paul Simms


Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and consultancy services.

Are you a cloud services expert in a world of digital transformation? If so, contact us for information on how to become part of our growing cloud consultancy ecosystem.


Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks New tools and technologies help companies in their drive to improve performance, cut costs and grow their businesses ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Your Office 365 Data Security - Is It Properly Protected?

Your Office 365 Data Security – Is It Properly Protected?

Office 365 Data Security As more and more people collaborate and access data from outside the office and across multiple ...
Matthew Cleaver

Dispelling the Myths of Cloud Solutions for the Small Business

Dispelling the Myths of Cloud Solutions As a business leader, migrating to the cloud can be overwhelming due to the ...
The Internet of Everything: Why The IoT Will Take Over Every Industry

The Internet of Everything: Why The IoT Will Take Over Every Industry

Why The IoT Will Take Over Every Industry It’s a big mistake to think that the Internet of Things will ...
Identity and Access Management: Advancing to Meet the Changing Needs of Passwords and Governance

Identity and Access Management: Advancing to Meet the Changing Needs of Passwords and Governance

Identity and Access Management The identity and access management market continues to grow in a wide variety of industries of ...


Rackspace Extends Managed Security to Google Cloud Platform

Rackspace Extends Managed Security to Google Cloud Platform

SAN ANTONIO, March 21, 2018 (GLOBE NEWSWIRE) -- Rackspace® announced today that Managed Security and Compliance Assistance for Google Cloud Platform (GCP) is now available for preview to new and existing customers that use Rackspace Managed Services for GCP ...
Google classroom

Helping G Suite customers stay secure with new proactive phishing protections and management controls

Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use ...
Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

By 2021, Regulatory Compliance Will Become the Prime Influencer for IoT Security Uptake Internet of Things (IoT)-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations ...
BMW raises R&D spending for electric, autonomous cars

BMW raises R&D spending for electric, autonomous cars

Munich (Reuters) - German carmaker BMW (BMWG.DE) will increase research and development (R&D) spending to an all-time high of up to 7 billion euros ($8.6 billion) this year as part of efforts to bring 25 ...
Providers Benchmark Report: Cloud Spectator Releases Annual Top 10 Cloud IaaS

Providers Benchmark Report: Cloud Spectator Releases Annual Top 10 Cloud IaaS

Significant differences persist with price-performance across Public Clouds BOSTON, MA, March 20, 2018 — Cloud Spectator, the industry’s leading benchmarking and cloud consulting firm, today released its 2018 Top 10 Cloud IaaS Price-Performance Benchmark Report ...
Where's Zuck? Facebook CEO silent as data harvesting scandal unfolds

Where’s Zuck? Facebook CEO silent as data harvesting scandal unfolds

Amid calls for investigation and a #DeleteFacebook campaign, company releases an official statement but its figurehead keeps quiet The chief executive of Facebook, Mark Zuckerberg, has remained silent over the more than 48 hours since ...