Security: an ongoing challenge with new dimensions

Software security has and continues to be a top line issue for most organisations, yet software and IT teams still continue to produce and deploy insecure code and applications with serious consequences for the brand, reputation and, of course finances of their customers and their own organisation.

Of course security architects and the software development and delivery team are not entirely at fault nor can they expect to bear the brunt of the changes required.

With the software security challenges exposed by the development and deployment of platforms such as cloud computing or virtualisation in today’s multi device and complex interconnecting software systems, the software development and delivery team can no longer solely rely on traditional methods and concerns for detecting vulnerabilities in software. We need a better understanding of the software security landscape in relation to the application lifecycle process within IT organisations today.

Evolution of role, delivery and deployment

What is required is a focus that goes beyond code development and design, bringing into the software lifecycle process security considerations that may address a broader range of issues.  Such issues will target infrastructure, hardware, process execution, policy and organisational and user behaviour and culture.  All of this is a much wider remit that will extend the skills and responsibilities of security architects and the software development and delivery team, making them more accountable and exposed. It will also have an impact on relationships with other key roles that have a stake in the software and application lifecycle. More importantly it will require greater involvement from the start.

To deal with the software security challenges exposed by the development and deployment of platforms such as cloud computing, virtualisation etc. we need a better understanding of the software security landscape in relation to the application lifecycle process within IT organisations today. We need to ask those involved in the software and IT development, delivery and lifecycle management process questions that can expose their current practices. More importantly how they recognize and address software security challenges that are presented by variety of deployment platforms and application architectures in play today (e.g. Web, mobile, virtualised desktops and production environments etc.).

We must look at how software security risks are identified and how much importance is placed on the governance, education and training process.

Software Security Survey to get our bearings

Creative Intellect Consulting is working with independent organisations such as (ISC)2 and IASA – to survey their communities in order to understand  the security challenges facing software security architects, software developers and in general the software delivery team in building applications deploying to multiple runtime platforms and environments (e.g. cloud, mobile devices, virtualised, web). This is especially necessary as software applications are being accessed in multiple ways by an ever more mobile user audience with high expectations for engagement and experience.

This survey will address whether software security is handled better within certain industries and why? What are the trigger points and drivers for actively engaging in, improving or evolving a software security strategy and how important a role does tooling and automation play?  These are important questions for determining how capable IT organisations are in dealing with software and application security effectively now and in the future.

The answers will allow many interested parties to anticipate the gaps and holes that are currently preventing IT organisations from tackling software security appropriately and successfully. It will also offer suggested strategies to improve an organization’s ability to do so in the light of evolving deployment environments and delivery models.

It is vital that software is developed correctly and effectively but also securely, not least because the alternative creates a barrier to future innovation and has a detrimental impact on the end user’s overall experience and capacity to trust.

The survey link for our readers is: http://www.surveymonkey.com/s/SecuritySurvey-CIC

All respondents who complete the survey will get a copy of the full report and be entered into a draw to win a half day consulting session with Creative Intellect Consulting Ltd in the field of software delivery and application lifecycle management. The winner will be notified by 6th December 2010.