B B C

Not the (impartial) British public service broadcaster aka ‘Aunty’. We only have a page or so, which is nowhere near enough to summarise our thoughts on the corporation!

We are talking about the implications of moving a business, via the digitalisation process, from a world in which online activity is predominately Business to Business, to one where Business to Consumer becomes the new way of working.

We have been talking to a number of clients about this and are becoming quite concerned that in the rush to deliver a massive increase in web-facing infrastructure and applications, security is (as ever) taking something of a back seat.

As you will all be only too well aware, new developments tend to use the Agile Software Development approach, of which there are numerous variants, all complete with mind-boggling references to things like a scrum master, dark arts instructor, etc.

The pace of these developments and the time to deployment mean that, without automated risk management, security standards and code testing, it is quite easy for security issues to slip through the net without being spotted. It is becoming imperative to introduce security early on in a development project rather than retrofit it at a later date, probably after the crime has happened.

The risk is exacerbated by the fact that many new applications run on a public cloud, using integrated third-party platforms such as MuleSoft, and are connected to legacy networks and systems for the integration with the Enterprise’s data set.

ITC recommends that businesses undergoing the digital revolution (still can’t say that without a wave of nausea) put security first and foremost and make it a part of the development lifecycle, with tooling and commonality across all layers including, especially, API development.

Standards and tooling should be mandated for all deployments, including all projects developed by third parties, supported by associated technology. Deployed applications should be sending logs to the security monitoring service out of the box, rather than expecting to retrofit this later on down the line. We all know that in the fast (and getting faster) world we have built for ourselves, retrofitting is the wrong approach.

ITC is working with some key tooling providers, which can take the pain out of application and API delivery, and we would love to talk to you about it. If you would like to discuss this with us, please contact us at: [email protected] or 020 7517 3900.

Apologies for the short blog this week; it is brought to you from the man-flu ward.