8028308088?profile=original

In the age of rapid technological progress, where Digital Transformation  has become pervasive, business applications are getting increasingly complex and interconnected.  The advancement in technology has also helped attackers get more aggressive and inflict more damage to IT systems and applications.  Application security tools and techniques are evolving too, yet most organizations still fall prey to vulnerabilities.  Cybersecurity has become a bigger threat than ever before.

The current application security methodologies mainly count on detecting weaknesses and correcting them.  Most organizations, primarily, rely on utilizing penetration testing or automated tools, at the most.  They ignore to concentrate on establishing strong defenses against threats, merely do patch work, and leave the weaknesses unguarded.  A small fraction implement threat modeling, security architecture, secure coding techniques, and security testing—but even they are typically unsure of how these approaches link with their strategic business objectives.

A few weaknesses constitute majority of break-ins--e.g., SQL injections and buffer overflows.  Major security threats and application vulnerabilities include compromised credentials, failure to patch promptly, SQL injections, and cross-site scripting.  A large number of security threats can be neutralized just by taking care of security hygiene.

Secure Software Development

State-of-the-art technology and best practices available today offer effective yet economical methods to prevent security breaches and threats.  These tools and practices work well without affecting the pace of delivery or straining the users unnecessarily.

Secure software development not only warrants analyzing the technology but also looking at the entire organization that creates the software—people, processes, tools, and culture.  Secure software development culture inspires security by promoting and improving communication, collaboration, and competition on security topics and rapidly evolving the competence to create available, survivable, defensible, secure, and resilient software.

Rugged Software and a Culture of Security

Rugged software, or Rugged DevOps, promotes developing secure and resilient software by embedding this practice into the culture of an organization.  A Rugged culture of security is more than just secure—secure is a state of affairs at a specific time whereas Rugged means staying ahead of threats over time.  The rugged code aligns with the organizational objectives and can cope with any challenges.  Rugged enterprises constantly tweak their code and their internal organization—including governance, architecture, infrastructure, and operations—to stay ahead of attacks.  All applications developed by “Rugged” organizations are well-secured against threats, are able to self-evaluate and distinguish ongoing attacks, report security statuses, and take action aptly.

Rugged software is a consequence of the efforts to rationalize and fortify security.  This is achieved by communicating the lessons learnt from experimentation, setting up stringent lines of defense, and adopting and sharing rigid safety procedures across the board.  Adopting Rugged software development practices across the enterprise help execute more applications promptly, improve security, and achieve cost savings across the software development life-cycle.  Rugged software development is cost efficient because of fewer labor and time requisites during the requirements, design, execution, testing, iteration, and training phases of the development life-cycle.

The following 10 guiding principles apply to all organizations aiming to develop a Rugged culture of security:

  1. Perpetual Attacks Anticipation
  2. Staying Informed
  3. Security Hygiene
  4. Continuous Improvement
  5. Zero-defect Approach
  6. Reusable Tools
  7. One Team
  8. Comprehensive Testing
  9. Threat Modeling
  10. Peer Reviews

Let’s discuss the first 5 principles for now.

Perpetual Attacks Anticipation

A Rugged software development organization anticipates nonstop vulnerabilities and attacks—deliberate or accidental.

Staying Informed

Rugged organizations appreciate staying informed about security issues and potential threats, seek recommendations from security specialists, and identify and update security policies and rules.

Security Hygiene

Rugged organizations take good care of their security hygiene by limiting the sharing of user accounts, carefully guarding the passwords and sensitive personal information.  They employ secure software practices.

Continuous Improvement

Continuous Improvement is the management principle foundational to Lean Management that should be embraced by all areas of an organization.  In case, sensitive information is left lying on somebody’s desk at night, Rugged organizations ensure that this does not recur in future and gathers feedback from the people who happen to notice it.

Zero-defect Approach

Rugged organizations leave no room to tolerate any known weaknesses.  An issue is resolved as soon as it is detected.

Interested in learning more about the guiding principles to develop a Rugged culture of security?  You can download an editable PowerPoint on the Culture of Security here on the Flevy documents marketplace.

Are you a Management Consultant?

You can download this and hundreds of other consulting frameworks and consulting training guides from the FlevyPro library.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead