New Products and the Security Afterthought

To stay ahead of the competition, developers are pressured to bring new apps to market on more accelerated timelines than in previous years. This sometimes leads to product security hastiness with companies not thinking about security vulnerabilities associated with a product until after it hits the market and impacts customers.

A good understanding of customer needs, the competitive environment and user requirements are key factors for success of new applications. For customers the main drivers are cost, time and quality. These competing priorities mean there are many uncertainties and challenges around security throughout the product development process. Therefore, developers must get in front of software security issues by analyzing the full spectrum of risks and developing a product line roadmap with security in mind from the start. By doing so, development teams are not just building products that work as intended, but that work only as intended.

In the enterprise this is of particular importance as employees bring their own devices and applications into the workforce. This opens up enterprise networks to applications and use cases not traditionally considered threats. Many of these issues arise because of the main characteristic of BYOD is that the employee owns and maintains the device. As a result, the company will have much less control over the device in comparison to a device owned by the company. Enterprises can effectively protect themselves with products like Bitdefender’s GravityZone but would still be well served to watch BYOD closely.

When BYODs bypass inbound filters normally applied to corporate devices, they're vulnerable to malware—particularly with Android devices. BYOD that bypass outbound filters elevate risk of non-compliance with data privacy laws and regulatory requirements. As BYOD use grows, so will the frequency of these risky behavior including apps with security deficiencies.

Security experts report that over 75% of all apps have been hacked. The enterprise app market is on the rise and so are the security risks. Companies with BYOD policies are now placing more focus on mobile device management and security for mobile apps to protect company information.

For developers, cybersecurity considerations such as these should not be an afterthought in the software development process; it should be the first thought. As applications, systems and devices fall victim to hacks, developers should not be tempted to assume that consumers have become desensitized to the problem.

Building cybersecurity into the front end of the software development process is critical. Best in class developers leverage ISO standards & practices, perform regular penetration testing on their development environment, and use advanced security code scanning tools to ensure the end-to-end integrity of products.

For CIOs, new BYOD enabled Enterprise must be made aware of what end-user apps are being used by employees and cognizant of the security implications of these apps, and prepare their network for all eventualities!

As always, thoughts and ideas are my own. This insight wouldn't be possible without the help of my associates at Bitdefender.