Application Development has for many years been, and still remains, regarded by some as a Black Art, requiring a special skill that only a select few individuals possess. Sure, teams of individuals can try to replicate the Black Art, but they still struggle to attain what the “single mind” of an expert architect or developer can achieve when backed by a skilled and dedicated team. Now bring in the requirement to combine the skills of the expert developer or architect with the security knowledge needed to protect against a dedicated hacker, and the threshold for success becomes exponentially higher for organisations wishing to create secure applications that delight users and customers.
That is where ISG come in. We have dedicated ourselves to the niche described as Secure Development, or more fully described as development on secure platforms using programming standards, methodologies and tools based on the latest research into secure development. To assist our clients we work with advanced methods and tools, combining both Open Source and proprietary technologies within an Agile framework. Using tools like SBM, Dimensions and Fortify from Micro Focus to maintain control over development activities, our consultants follow a secure development lifecycle focussed on delivering well-tested code that conforms to the secure coding standards established by Microsoft and OWASP. For further details visit www.microfocus.com, www.microsoft.com/en-us/securityengineering/sdl and www.owasp.org.
Some of the key challenges I am seeing regarding development projects are:
With these emerging challenges, security is often overlooked until it is too late. This leads to the implementation of new applications with less than optimal security and creates a need to retrofit changes into applications that have only just been delivered. This is akin to the local utility ripping up the brand-new footpath laid by the local council in order to lay new service lines, all because of poor planning across organisations.
There is no single answer to addressing these challenges. A good place to start is to understand the level of maturity of practices the organisation wishes to target and the timeframe within which you as an organisation want to reach that maturity. That maturity may differ by process, so undertaking a study to determine the desired maturity levels across the various parts of the IT and Business units is a great place to start.
As part of determining an improvement plan for the organisation, tools are often a key part of any capacity uplift. Those tools can range from portfolio management, resource planning and project management tools, through software code management tools and release planning and management tools, to release automation tools that push out and roll back releases across IT environments. Depending on the speed and volume of change an organisation wishes to adopt, and the size and number of the projects being conducted, a different mix of tools could be used to achieve the targeted results. However, to assure security within your environment, what is critical is that you maintain a considered and planned effort around the changes and treat security as part of your improvement journey.
For more information on how to start considering what your journey could look like and the benefits you will be able to generate, please contact John Frisken on 1300 66 33 58 or email [email protected]. If you wish to discuss any part of this blog article, you are welcome to email the writer on [email protected].