New Products and the Security Afterthought
Evan Kirstel B2B TechFluencer
Create, Publish, Amplify. TechInfluencer, Analyst, Content Creator w/600K Social Media followers, Deep Expertise in Enterprise, Cloud, 5G, AI, Telecom, CX, Cyber, DigitalHealth. TwitterX @evankirstel
To stay ahead of the competition, developers are pressured to bring new apps to market on more accelerated timelines than in previous years. This sometimes leads to hasty product security, with companies not thinking about the security vulnerabilities associated with a product until after it hits the market and impacts customers.
A good understanding of customer needs, the competitive environment and user requirements is a key factor in the success of new applications. For customers, the main drivers are cost, time and quality. These competing priorities mean there are many uncertainties and challenges around security throughout the product development process. Therefore, developers must get in front of software security issues by analyzing the full spectrum of risks and developing a product line roadmap with security in mind from the start. By doing so, development teams are not just building products that work as intended, but products that work only as intended.
In the enterprise this is of particular importance as employees bring their own devices and applications into the workforce. This opens up enterprise networks to applications and use cases not traditionally considered threats. Many of these issues arise because the main characteristic of BYOD is that the employee owns and maintains the device. As a result, the company has much less control over the device than it would over a company-owned device. Enterprises can effectively protect themselves with products like Bitdefender’s GravityZone but would still be well served to watch BYOD closely.
When BYODs bypass inbound filters normally applied to corporate devices, they're vulnerable to malware, particularly with Android devices. BYOD devices that bypass outbound filters elevate the risk of non-compliance with data privacy laws and regulatory requirements. As BYOD use grows, so will the frequency of these risky behaviors, including apps with security deficiencies.
Security experts report that over 75% of all apps have been hacked. The enterprise app market is on the rise and so are the security risks. Companies with BYOD policies are now placing more focus on mobile device management and security for mobile apps to protect company information.
For developers, cybersecurity considerations such as these should not be an afterthought in the software development process; they should be the first thought. As applications, systems and devices fall victim to hacks, developers should not be tempted to assume that consumers have become desensitized to the problem.
Building cybersecurity into the front end of the software development process is critical. Best-in-class developers leverage ISO standards & practices, perform regular penetration testing on their development environment, and use advanced security code scanning tools to ensure the end-to-end integrity of products.
CIOs of newly BYOD-enabled enterprises must be aware of which end-user apps employees are using, be cognizant of the security implications of these apps, and prepare their networks for all eventualities!
As always, thoughts and ideas are my own. This insight wouldn't be possible without the help of my associates at Bitdefender.
SOAR / SIEM / XDR / ZTNA / IAM
8 years ago
I completely agree that building security in the foundation of the SDLC (Software Development Life Cycle) is critical. It is true that 75% of data breaches are due to software vulnerabilities. Tools today have matured such that not only can they scan your code, they can refer you to the actual coding standard and recommend the training for the developer to take so that they are constantly improving their skills and your business can realize ROI by improving coding practices quickly and adapting coding practices to realize better security.
Founder Meribook.com | Coaches, creatives, trainers and marketers - Build authority, share content, build list and get raving fans with our content marketing platform. Create your free profile at Meribook.com
8 years ago
Wow, 75% of all apps have been hacked! That's mind-boggling.
Solving your customer identity challenges with Auth0 - Senior Solutions Engineer | CISSP | CCSP
8 years ago
Totally agree, Evan. Security has to be baked into everything from day one.