Enforcing End-to-End Application Security in the Cloud
Security engineering must be integrated with all stages of application specification and development to be effective. Doing this properly is increasingly critical as organisations rush to offload their software services to cloud providers. Service-Level Agreements (SLAs) with these providers currently focus on performance-oriented parameters, which run the risk of exacerbating an impedance mismatch with the security middleware. Not only do the authors want cloud providers to isolate each of their clients from others, the authors also want to have means to isolate components and users within each client's application.