Enterprise Security: Why Do We Make It So Difficult?

Abstract:

Achieving information security and privacy is not a trivial exercise. This becomes much more challenging in the cloud, due to the multi-tenant nature of cloud ecosystems. We are concerned that the traditional legacy-compatible approach to software development is holding enterprises back from achieving effective security and privacy, particularly in the cloud. In this paper we discuss the implications of the traditional approach to software development and question why we stick to it, despite the fact that it makes the job of security and privacy far more difficult.