Following Sun Microsystems' release of open source applications to support its secure cloud computing, Fortify is advising companies to security tests customised open source before deployment.
"Given the significant savings to be had from using open source applications, Sun's strategy is security testing at all stages in the customisation process," explains Richard Kirk, European director with the application vulnerability specialist.
"It's also good to see Sun announcing its support for the new security guidance from the Cloud Security Alliance, since this means that its open source apps will support the best practice guidelines, which is essential when supporting a private cloud infrastructure," he adds.
According to Kirk, while the use of encryption and VPNs (to extend a secure bridge between a company's IT resource and a private cloud facility) is very positive – especially now that Amazon is best testing its pay-as-you-go private cloud facility – it's important that the underlying application code is also secure.
"Sun's strategy in opting for open source cloud security tools – including OpenSolaris VPC Gateway, Immutable Service Containers, Security Enhanced Virtual Machine Images and a Cloud Safety Box – is excellent news on the private cloud security front," advises Kirk.