Atlantic.Net Blog

5 Tips to Optimize Cloud Security for Developers

Editorial Team
by Atlantic.Net under HIPAA Compliant Cloud Hosting

If it’s a popularity contest, cloud is winning.

February 2014’s State of the Cloud Survey gathered information and perspectives on cloud computing from 1068 IT executives throughout a broad spectrum of economic sectors. 24% of those who completed the survey were from enterprises employing 1000+ people. This year’s results show that cloud has exceptionally high acceptance, with 94% of companies either using cloud applications or Infrastructure as a Service (IaaS; also called Hardware as a Service, or HaaS). 87% of companies are at least partially integrated with a public cloud while 74% either have a hybrid cloud in place or are planning a transition to that model.

As the survey report indicates, cloud adoption has “reached ubiquity.” Part of the reason is that security concerns have receded. The percentage of survey respondents who view cloud security negatively fell in both the Cloud Beginners and Cloud Focused groups (terms used by the research team that refer, respectively, to those starting their first cloud projects and those with business systems that rely on a substantial amount of cloud technology). In fact, many computing experts have considered the cloud – especially in its private sense – to be secure for years, assuming the right configurations and safety protocols are in place: the US Department of Defense started using cloud computing in 2011.

Regardless of how secure the cloud can be, the security of a particular cloud environment can be better or worse based on what protections are in place. John Grady of, in an article published in June 2014, offers five tips that can improve the security of a cloud-based development environment.

1. Data breaches

The biggest concern of developers, says Grady, is a data breach. Building an application that is fully compatible with all operating systems and devices is complicated enough without having to worry about code theft. However, for developers, just a few lines of lost code could mean that the script must be regenerated from scratch and that – worst-case scenario – a copycat application is released using the leaked snippet.

A trusted way to defend against a data breach incorporates encryption technology and the management of user permissions. You want to be sure that all data is encrypted, especially when it is in motion – moving from a client device to the cloud or between devices. Your cloud service provider (CSP) also should not be able to access any of your files or content. As Grady notes, “Oversight… Is the mandate of a reputable vendor.”

2. Problematic APIs

Two major security issues arise from application programming interfaces (APIs). One is that CSPs use them to control access, but malicious parties can extend the interfaces to give themselves a full range of privileges. A recent example was the discovery by a French computer scientist that a brute-force attack carried out via iOS can hack any Tesla Model S by manipulating the API that the carmaker itself engineered. The other loophole can arise when open-source APIs are integrated into projects and accidentally give users broader permissions.

The standard rule of thumb for APIs, says Grady, is minimalism. It’s best to create the entire API yourself, but if you do use anything from an outside party, make sure you have a comprehensive understanding of the external code prior to integration.

3. Distributed denial

The dreaded distributed denial of service (DDoS) attack is one of the top concerns for any developer because it can completely shut you out from your system, and you can’t know if your code will be corrupted or not until everything is back running properly.

A major problem with DDoS, though, is not the attack itself but its strength as a decoy. Distributed denial of service causes a state of emergency, and many providers forget about other security tools such as firewalls while the attack is underway.

Your cloud provider must have adequate brute-force detection systems in place, along with strong disaster recovery mechanisms. Research your CSP so that you know how often it has had downtime and how quickly the cloud platform was fully recovered each time.
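The kind of brute-force detection described above can be sketched as a sliding-window count of failed logins per source. This is an added example, not code from the article or from any provider; the log format, the sample lines, and the threshold of five failures in 60 seconds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (timestamp, source IP, account, result),
# grouped by source for readability. Not taken from any real system.
SAMPLE_LOG = [
    # Burst: six failures in 25 seconds, then a success from the same source.
    *[f"2014-06-01T10:00:{s:02d} 203.0.113.7 alice FAIL" for s in range(0, 30, 5)],
    "2014-06-01T10:00:30 203.0.113.7 alice OK",
    # Ordinary typo: two failures, then a success.
    "2014-06-01T10:01:00 198.51.100.4 bob FAIL",
    "2014-06-01T10:01:08 198.51.100.4 bob FAIL",
    "2014-06-01T10:01:20 198.51.100.4 bob OK",
    # Slow failures two minutes apart: never five inside one window.
    *[f"2014-06-01T10:{m:02d}:00 192.0.2.9 carol FAIL" for m in range(2, 12, 2)],
    "malformed line",
]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside any one window."""
    recent = defaultdict(deque)   # source IP -> recent (time, account) failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # skip lines that do not match the format
        ts = datetime.fromisoformat(parts[0])
        src, account, result = parts[1:]
        if result == "FAIL":
            q = recent[src]
            q.append((ts, account))
            while ts - q[0][0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"max_failures": 0, "accounts": set(),
                                            "success_after_burst": False})
                a["max_failures"] = max(a["max_failures"], len(q))
                a["accounts"].update(acc for _, acc in q)
        elif result == "OK" and src in alerts:
            # A success right after a burst may mean a guessed credential.
            alerts[src]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A successful login after a flagged burst is the case to escalate first, since it suggests the guessing worked.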

4. Resource compromise

Many developers benefit from the cost-effective performance of the public cloud, which disburses resources on demand (as needed). Because of the structure of the cloud, some malicious parties now hack resources, claiming and using cloud power for their own purposes. This tactic can increase your latency and malware risk.

Security and scanning tools that track resources and sense intrusion can be used both within private cloud hosting and on client devices, by developers and their CSPs.
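One way to track resources as described above is to compare the current instance inventory against an approved baseline and report anything that drifts from it. This is an added example, not the article's or any provider's code; the record fields, baseline values, and CPU limit are constructed assumptions rather than a real cloud API schema.

```python
# Constructed baseline: what the team has approved (all values are assumptions).
BASELINE = {
    "known_ids": {"i-001", "i-004"},          # last approved inventory snapshot
    "regions": {"us-east", "us-west"},
    "instance_types": {"small", "medium"},
    "principals": {"ci-deployer", "alice"},   # identities allowed to launch
    "max_avg_cpu": 85.0,                      # percent, averaged over 24 hours
}

# Constructed current inventory, as an inventory export might list it.
INVENTORY = [
    {"id": "i-001", "region": "us-east", "type": "small",
     "launched_by": "ci-deployer", "owner_tag": "web", "avg_cpu": 22.5},
    {"id": "i-002", "region": "ap-south", "type": "gpu-large",
     "launched_by": "alice", "owner_tag": "", "avg_cpu": 99.0},
    {"id": "i-003", "region": "us-west", "type": "small",
     "launched_by": "unknown-key-7", "owner_tag": "batch", "avg_cpu": 10.0},
    {"id": "i-004", "region": "us-east", "type": "medium",
     "launched_by": "alice", "owner_tag": "api", "avg_cpu": 97.0},
]

def audit_inventory(inventory, baseline):
    """Return {instance_id: [reasons]} for instances that deviate from the baseline."""
    findings = {}
    for inst in inventory:
        reasons = []
        if inst["id"] not in baseline["known_ids"]:
            reasons.append("not in approved snapshot")
        if inst.get("region") not in baseline["regions"]:
            reasons.append("unapproved region")
        if inst.get("type") not in baseline["instance_types"]:
            reasons.append("unapproved instance type")
        if inst.get("launched_by") not in baseline["principals"]:
            reasons.append("unknown launching principal")
        if not inst.get("owner_tag"):
            reasons.append("missing owner tag")
        if inst.get("avg_cpu", 0.0) > baseline["max_avg_cpu"]:
            reasons.append("sustained high CPU")
        if reasons:
            findings[inst["id"]] = reasons
    return findings

if __name__ == "__main__":
    for inst_id, reasons in audit_inventory(INVENTORY, BASELINE).items():
        print(inst_id, "->", ", ".join(reasons))
```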

5. Multi-tenancy

Although a cloud computing system is much more sophisticated than shared hosting, it does have one major element in common with it: multi-tenancy. In a public cloud environment, it’s possible that your data could be stored in proximity to code that becomes corrupted or gets analyzed by the government. Know what your service-level agreement (SLA) stipulates in terms of information release to law enforcement. Apple specifically states that it doesn’t provide any data from its cloud to outside parties unless a warrant is presented, but some CSPs leave themselves the right to comply so they don’t risk a general shutdown.

A CSP that deserves your business

You can see from the above five tips that wisely selecting a cloud service provider is a fundamental step to increase your security. Just because the cloud is new does not mean your hosting company should be. Atlantic.Net has been in business since 1994, and we offer best-in-class cloud server hosting with no contracts and no commitments, live in 30 seconds. We also offer HIPAA cloud hosting services.

By Moazzam Adnan
