4.9 Software Development Lifecycle for the Cloud


9 hours 48 minutes
Video Transcription
SDLC. The software development life cycle. You may also hear this referred to as the system development life cycle, because it's much more than just, hey, I'm running an application or a program, right? There are a set of processes that we go through when we develop software or a system.
And, really, if we want to properly define the term system, a system is a collection of related elements, or actually a collection of separate elements working together for a common goal. That could be a computer, that could be an application.
It could even be a department of individual users, depending on the turn. Right, and it's underneath the same element of management. That's another piece of criteria.
So the bottom line is, in the software development life cycle we consider security throughout.
Now, one of the things that's a little frustrating to me: anytime I'm studying for tests, and you guys that have been around certification for a long time are probably frustrated by this too,
different entities put out different documents, and sometimes those documents don't mesh 100%.
What I mean by that is, here is an example of a software development life cycle.
NIST also puts out a software development life cycle. There are other entities that say, OK, here are the seven stages of the SDLC. NIST might say, here are the five stages of the SDLC.
The bottom line is the same stuff is happening. Even though you say tomato, I say tomato. And what I mean by that is, if you see a five-step software development life cycle, the same stuff is happening. They're just consolidating a couple of steps from our seven steps here,
so don't get too overwhelmed by that. It can be very frustrating.
But the bottom line is, software development is going to start with planning. It might be called an initiation phase in another software development life cycle. But what are we doing here? We're doing a feasibility study. We're looking at our requirements.
This is the first place we start talking about risks and we start talking about security. If we don't talk about it now, why would we talk about it later?
So always the very first stage is where we start with security, but we continue discussing it all the way throughout. So next piece: analyzing and defining.
What we're looking at here is making sure that we understand the requirements from the customer. So this is the piece where the customer has the greatest input.
So, for instance, we might, in the planning piece, determine we need a database that will store data to be in compliance with HIPAA. When we go to analyzing and defining, the customer tells us what that really means, right? Okay, so that means
we're going to have data that's protected with 256-bit encryption. That means that we're going to require multi-factor authentication.
All those pieces. Okay. So, more in-depth requirements here.
Designing: this is where our developers figure out the how. So we figure out what the customer gives us, what we're doing in analyzing and defining. Our developers figure out the how in design. So you tell me you need data protected with 256-bit encryption.
My developers say, okay, we're going to have to incorporate AES.
You tell me you need multi-factor authentication. We'll design access based on password and retina scan. Whatever.
Okay. Uh, then developing. This is where we do the actual coding, right? So, of course, we're implementing the security features that we've designed earlier.
Then we test,
and we don't just test for function, right? We test for security as well. We're no longer asking, does it work? Is it secure?
Does it work securely, or it doesn't work at all. We've got to shift that mindset.
All right. At the end of testing, the product would be certified so it meets its technical requirements, and then the product would go through an accreditation, management acceptance. Let's go through this.
All right, now,
that's where the unit testing, that's where certification... We just said all of the different types of testing happen during that phase. Once we have a certified, authorized piece of software, we now roll that out into production through implementation. And this is where operation,
day to day,
where the product is functioning well, get it installed. It's running in production, and then, of course, maintenance. We monitor: is it performing as it's expected, or are there new vulnerabilities or new threats that materialize? What do we see?
So again, I want to stress to you, you may see a software development life cycle that has five steps or six steps, or, you know, it's frustrating,
but the bottom line is all the steps of the SDLC start from the very beginning. Initiation, where you're collecting requirements, all the way through writing the code, testing the code, maintaining the code, whatever that is. Security starts at the beginning and carries through all the way out
through the end of the software development life cycle.
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.
