Buyer's Handbook:

Tools for those seeking security for apps in the enterprise


Seeking security for apps? The QMS model is one to consider

Application security is not a technology; it's a professional practice within an organization's mission. Of course, application security tools are a necessary and critical component of the practice. But so are the strength of your overall software development process; the relative experience, knowledge and skills of your staff; and, most importantly, your management's commitment to application security's contribution to the bottom line. Security for apps is an organizational competency.

Let's use an example from a different discipline: quality. If you're a manufacturer, defective products are a terrible drain on your bottom line. The more defects, the more money you lose. Historically, product defects were such a big problem for manufacturers that they developed a formal organizational practice called a quality management system (QMS). The goal of a QMS is simple: zero defects.

Achieving zero defects is hard. To create a manufacturing process that consistently produces products with no defects, you must evaluate the entire process end to end and meticulously root out any behaviors, practices or materials that might introduce defects. This requires total commitment. Sure, you can use tools to help -- for training, testing, tracking, inspection and the like -- but the underlying enabler is organizational competency.

Regarding security for apps, I'm not suggesting that we can literally achieve zero vulnerabilities, but we should be able to achieve zero known vulnerabilities in our applications by not introducing insecure code, weak configurations, outdated protocols or worse. It will take more than tools to achieve security for apps. Just as with the QMS approach, we must look at our application lifecycle end to end and root out any behaviors, practices or components that might introduce vulnerabilities.
