Sunday, December 15, 2013

Application Security: An Afterthought for Most Organizations


My comment on this article from Infosecurity - The Ponemon Institute: Most Organizations are Woefully Behind in Application Security - was too long for LinkedIn, where I found the original link, so I stuck it out here. It is a relevant and, I think, fairly accurate assessment when it comes to corporate IT application developers and security practices. It's a generalization, but a lot of application developers are not adequately educated when it comes to application security practices. Security is seen as a checkpoint item somewhere in the project lifecycle (if at all) versus integrated into the SDLC. Another force at work is the relationship between the application developer and the security team. It's not always a healthy one: application developers perceive, correctly or not, the security team's mission as just saying no.

The other big elephant in the room is that the current security practice installed in most of the corporate world is the perimeter-based defense approach to security, i.e. firewalls, proxies, DMZs, etc. This gives application developers a false sense of security for their internally hosted applications, and as a result internal breaches account for some of the more devastating security breaches. It's possible that the emerging thoughts around zero trust networks will help address this, but it's certainly in the early stages.

From my viewpoint in the enterprise architecture world, I think seeing security as a strategic enabler versus a defense or checkpoint can give an organization the ability to innovate at a far faster pace than those that do not. Those that perceive security as a necessary evil or a drag on their efforts will struggle to keep up. The great challenge, of course, is elevating security to that strategic enabler role and getting application developers to understand the importance. Again, an excellent article and a must-read for CIOs and Enterprise Architects.

10 comments:

Unknown said...

Great. I also can recommend you data room review to understand how to secure data!

Unknown said...

Thank you for this article.

Unknown said...

nice post thanks for sharing....

Jai Technomind said...

Great one, Thanks for sharing

krish said...

Nice Blog..Thanks for sharing this helpful article..

srihariparu said...

Great Article...Thanks for sharing the best information...

mary Brown said...

Great Article

Venkatesh CS said...

Excellent Blog. Thank you so much for sharing.

Vale Co Xenia said...


siva said...

Thanks for sharing your innovative blog, it's more interesting.