Are Your Information Security and Software Development Teams At War?

They don't have to be. But the more exciting things you do with cloud technology, the bigger the risk—and the more anxious your security team grows. Here are five ways to achieve a unified strategy.

Growth begets risk. IT security and software development teams know this all too well.

Cloud-native software development, noted for its flexibility and scalability, can create tensions between your IT’s creators and defenders. While development teams can feel held back by security protocols, security teams might be wary of innovative cloud-based projects they feel could increase risk to the organization.

It doesn’t need to be this way. Organizations must ensure these two teams are aligned from the outset of every cloud project to deliver secure applications that support business goals. This is especially critical for all businesses today as the threat of malicious actors continues to reach all-time highs each month.

Here are five ways your organization can approach cloud management with a unified strategy of security and development.

1: Collaborate in the Planning Stage to Define Shared Goals

If your development team is getting ready to build a new application or service, make it a practice to include your security team right from the beginning.

Meet and discuss your objectives and concerns for the cloud application. Here are several questions you may want to address with both teams involved:

• What is the business purpose of this application or service?

• What are the security implications if there were an outage or a breach?

• Is there confidential data involved?

• Where does security need visibility into development and deployment?

Collaboration between these teams minimizes surprises and keeps everyone aligned. This should help reduce the severity of incidents and ensure there are resources to mitigate them.

Once your developers are ready to start the project, make sure both teams keep an open line of communication to work through any concerns that arise on either side. You’d likely rather spend a week shoring up a security threat than explain to a customer or your shareholders why information was leaked.

2: Use the Tools Your Cloud Platform Gives You (Don’t Try to Create Your Own)

When you’re building an application in Amazon Web Services, Microsoft Azure or Google Cloud Platform, there’s no need to reinvent the wheel. In fact, organizations run into trouble when developers try to write their own security layer in major cloud providers’ platforms. While it can be appealing to do things the way you’ve always done them, a DIY approach may come at the cost of your application’s and environment’s security.

Major cloud providers have deep resources and support teams—they’ll have 100 people refining security and performance features for any given app, versus your organization’s 20-person developer team managing dozens of different apps. These providers are constantly monitoring the threat landscape so they can strengthen the infrastructure accordingly.

Adapting to new tools can be frustrating for developers who are used to writing code a certain way, but it’s in the best interest of your development team to trust the tools your provider has given you. These tools have been built to seamlessly integrate with the cloud platform and have security and compliance objectives built in.

3: Leverage Cloud Platforms in Organizations With On-Premises Infrastructure

One advantage of cloud environments is that you only pay for what you use. This may come in handy in a largely on-premises organization that wants to test a new application. You don’t have to wait for developers to spec, build and stand up on-premises infrastructure just to produce a proof of concept.

A cloud platform can provide an efficient and cost-effective solution.

From a business perspective, this means you won’t need to worry about the capital investments in additional infrastructure or servers. This gives security and developer teams more freedom to experiment with new software, assess security issues and refine before deployment.

4: Establish Consistent Test Environments

We consistently remind people to ABT: Always Be Testing. However, this is the first step that organizations tend to skip, or minimize, when a time crunch occurs. Thankfully, the cloud makes testing any new application or service before deployment easy.

Your cloud provider’s infrastructure is built for repeatable environments. AWS CodeDeploy, for example, automates software deployments across production environments while maximizing application availability. This gives your developer team visibility into application health with minimal lift, and they can roll back the deployment instantly if there are any performance or security issues.

Once again, cloud providers have nimble resources and exposure to a wide range of environments. When testing your application, cloud platforms turn a once-arduous chore into an easy test.

5: Don’t Be Afraid to Say Goodbye to Your Darlings

The beauty of the cloud is that it allows for ephemeral environments. This is an advantage from a security perspective.

Sometimes your organization may just need a one-off service for a task. In other words, it’s an environment you’ll only use once. You can deploy the application in the cloud, complete the task, then shut it down. Terminating the application keeps security threats to a minimum.

Developers should rethink their emotional attachment to their environments—if it’s no longer serving a business function, there’s no need to let it lie dormant. Doing so creates compounding risk through forgotten assets and unpatched systems. Instead of spending hours figuring out how to patch a security vulnerability or keep an OS up to date, eliminate the application and build a new one for a different task at hand.

Teamwork Makes the Cloud Work

Organizations that successfully build both innovative and well-protected cloud applications understand that developers and security leads are on the same team.

When embarking on a new application, rather than try to advocate for innovation over protection or vice versa, treat both as non-negotiable goals. Your cloud provider has all the resources you need to make both possible.

Bring security into the conversation early and strategize how development can use the tools available. Invest the time to learn them or select a trusted advisor to help. The investment in both is worthwhile.

