Data and application security is a high priority for businesses due to the growing risks posed by theft and increasing government mandates to maintain and secure private information.
One need look no further than SingHealth, Singapore's largest group of hospitals, and its massive data breach last year for an example of the various risks organizations need to address to protect customer information. Singaporean banks were also top targets of the cybercriminals behind the Tinba v3 Trojan in 2015-2016, accounting for over a third (36%) of attacks, according to BMI Research. Regardless of the industry, any company collecting valuable data on its customers is vulnerable to cyber attacks.
Organizations need to be committed to securing all external IT to protect data from breaches and the business from the consequences of regulatory non-compliance. Incidents such as the 2017 WannaCry attack, which was found to have affected machines running an older version of the Windows operating system, show how hundreds of thousands of global systems can be compromised by unsecured software. This effort to secure data includes using commercial software (managed on-premises or in the cloud) that is delivered with no known vulnerabilities and is continually tested and updated to address new threats as they are identified.
For developers, it's imperative to meet the challenge of providing the secure software that customers need to fuel security initiatives and prevent data loss. The Singapore Airlines data breach earlier this year, triggered by a bug that surfaced after the company made changes to its website, underscores this point. The key to meeting this need is to implement a development lifecycle that assesses risks, models threats and solutions through design reviews, and tests software security in static and dynamic situations. These development processes should also be kept up to date by taking the following steps:
Software developers should also consider adopting a secure systems development lifecycle (SDLC), which treats security as a core part of software development rather than an afterthought. An automated process, such as an SDLC, ensures that security processes cannot be bypassed while products are built, making it more likely that flaws are identified before the product is released.
Setting the Standard for Software Security
There is no advantage in cutting corners. Developers need to adopt best-of-breed software test tools and methods to confirm that new software releases meet the security standards customers need. A process to ensure this happens should include the following:
Reputable, trustworthy software development organizations will seek to engineer security into their products and test continually along the path from delivery through operations. Automated processes will help guarantee that security is not overlooked. Customers should expect secure software from their vendors, and a process like the one detailed above will help to identify and address vulnerabilities so those customer demands can be met.
Kaushik Bagchi, vice president of information management, Asia Pacific, ASG Technologies, authored this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.