Vikas Rewani and I collaborated on an article about Prioritizing Cybersecurity for the Pluralsight blog last year.
I want to highlight here one of the topics that was discussed in the article, the importance of breaking down silos:
The structure and siloing of a large enterprise organization can thwart security efforts. For instance, security often lives under the IT umbrella, while software development is part of R&D.
Further, organizations may utilize a combination of technical resources—in-house, outsourced, onshore and offshore—all reporting to different people, who have varying business goals.
For optimal security, an organization’s security and development teams need to work together closely. “Security cannot accomplish its goal without involving those who can actually change code,” explains Frank Rietta, who teaches Threat Modeling, Secure Coding, and Security Project Management with DevelopIntelligence. “If R&D views the security group as ‘outsiders’ or ‘paranoid,’ and goes to production effectively ignoring security, then the enterprise will not be successful at reducing organizational risk.”
Additionally, a comprehensive security strategy requires collaborating across all departments in an organization. Human resources, customer service, and other areas can be entry points for cyber attacks.
I invite you to think about how those who can change code are involved in your security process. If you cannot change code in a very short period of time, then something needs to change.
Read the article for yourself at Prioritizing cybersecurity (pluralsight.com).
If you find yourself stuck thinking strategically about rapid patching and deployment of code changes, we can show you how to optimize your custom code pipeline for rapid patching of supply chain vulnerabilities and to deploy reliable functional updates to your system like clockwork. Just reach out and let’s chat.