In a pre-digital world in a galaxy far, far away… there used to live umpteen
family-run businesses operating on word of mouth and past reputation. The
key parameters for success were deemed to be an amalgamation of locational
advantage, steady clientele, variegated inventory and product quality.
Fast-forward 15 years to a digital marketplace and we look at a somewhat
changed landscape with additional parameters. The keys to success for a
business have gained many parameters along the way in this long odyssey.
Customer service and Product Quality took center stage. The new guard of
businesses, savoring the sweet piquancy of success, is marked by
receptiveness to customer needs and an intuitive insight into the customer's
subconscious. As we move into the millennial business world, we are on the
cusp of an additional challenge, which is to ensure security along with the
existing dimensions of site speed and Product Quality.
In a predatory agile world, true innovation migrates from optional to
mandatory. With IoT further blurring the physical and digital lines, security
crosses over from being the ‘icing on the cake’ to the eggs in the cake. With
driverless cars and pilotless drones becoming a reality, the dreaded phrase
‘in the wrong hands’ leaves a bone-chilling image and would definitely fuel
innumerable e-catastrophe movies.
If a product were to be described as a democracy, the 3 pillars of that
democracy would be Availability, Performance and Security. It is
presumptuous for product managers to engineer a product lacking any of the
three pillars. In order to truly innovate at a rapid pace, engineering
solutions are being rapidly built for all three pillars. The twin towers of
Availability and Performance have reached a mature juncture and have been
built into the psyche of the average engineer and product manager.
In order to bolster the third and critical pillar, Security, a comprehensive
Secure Product Lifecycle (SPLC) is desired, and efforts to bring automation
into this hitherto neglected element need to be encouraged by organizations.
While buzzwords like DevSecOps and security automation are becoming more
common in the developer community, there is still a long way to go towards
building comprehensive tools that push a CI model for security. A lightweight
SPLC model consists of automation around threat modeling, static scanning
(SAST), dynamic scanning (DAST), release and post-release, with the further
vectors of coding language, platform, design and coding best practices,
network security, machine learning, training, ethical hacking, firewall
configuration, monitoring and patch management being of utmost criticality as
well. While investment into all of this may seem like a herculean effort
right now, we really don’t have much choice but to embrace the change and put
our best foot forward with the community in fighting and staying ahead of the
‘e-Darth Vaders’ out there.
About the Author: Kunal Bhattacharya, Senior Manager, Application Security, eBay (Featured Author, Cwebnews)