Sunday, December 15, 2013

Application Security: An Afterthought for Most Organizations


My comment on this article from Infosecurity - The PonemonInstitute: Most Organziations are Woefully Behind in Application Security  was too long for LinkedIn where I found the original link so I stuck it out here.  A relevant and I think fairly accurate assessment when it comes to corporate IT application developers and security practices.  A generalization but a lot application developers are not adequately educated when it comes to application security practices.  Security is seen as a checkpoint item somewhere in the project lifecycle (if at all) versus integrated into the SDLC.  Another force at work is the relationship between the application developer and the security team.  It's not always a healthy one where application developers perceive correctly or not the security team's mission of just saying no.   

The other big elephant in the room is that the current security practices installed in most of the corporate world is the perimeter based defense approach to security, i.e. firewalls, proxies, dmzs etc.  This gives the application developer a false sense of security for their internally hosted applications and as result internal breaches account for some of the more devastating security breaches.  It's possible that the emerging thoughts around zero trust networks will help address this but it's certainly in the early stages.

From my viewpoint in the enterprise architecture world I think seeing security as a strategic enabler versus a defense or checkpoint can give an organization the ability to innovate at a far faster pace than those that do not.  Those that perceive security as a necessary evil or a drag on their efforts will struggle to keep up.  The great challenge of course is elevating security to that strategic enabler role and getting application developers to understand the importance.  Again an excellent article and a must read for CIOs and Enterprise Architects.

5 comments:

Jesika said...

Thank you for your post. This was really an appreciating one. You done a good job. Keep on blogging like this unique information with us.

Cloud Computing Training in Chennai

Mary Gooven said...

Great. I also can recommend you data room review to understand how to secure data!

Toby Valentine said...

Thank y for this article.
security-online.net

Nikshitha S said...

Excellent post!!!. The strategy you have posted on this technology helped me to get into the next level and had lot of information in it.
cloud computing training in chennai | cloud computing courses in chennai

red hat training said...

Great one thanks for sharing

red hat certification training in chennai | rhce training in chennai | red hat training in chennai |red hat certification in chennai