Smart Devices Pose Many Challenges to IoT Security — Is Your Company Up to the Challenge?

Internet of Things (IoT) devices are everywhere, and they're not going away any time soon: Experts at Cisco speculate that in 2020 there will be more than 50 billion connected devices, including wearable health, connected vehicles and smart grids. And the paradigm set by the ever-present gadgets has significantly changed society's perception of technology, with almost every sector adopting IoT devices to improve user experience and deliver high-quality service. But what about IoT security? These systems are able to gather and share huge quantities of sensitive data, which raises...

Play in the sandbox

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual developers or development teams to assess new code against the required security policy — without affecting compliance reporting for the version of the application currently in production. One way to...

Gartner Report Details the Value of Security Programs and Creating an Executive Link

Cybersecurity is now a top priority for board members. According to Help Net Security's report on a recent NYSE Governance Services/Veracode survey, over 80 percent of respondents said security was discussed at "most or all" boardroom meetings. But there's a disconnect: Sixty-six percent of those surveyed said they were "not fully confident their companies are properly secured against cyberattacks." Bottom line? Something's lost in translation between CISOs and the rest of the C-suite when it comes to the value of security programs. How can IT execs...

Beyond Breach Avoidance – Demonstrating the Value of Security

Making a case for more security can be a difficult task at any enterprise. Many executives incorrectly assume that the lack of a recent breach means the company is adequately secure. However, as the old adage goes, there are only two kinds of companies: those that have been breached, and those that don't know they've been breached. Additionally, in the not-so-distant past, the CISO's seat at the executive table was tentative at best. The role was seen as necessary — we need someone to lead our security efforts — but also tactical, and, as a result, security was seen as...

How a DevOps Team Can Transform Your Company

At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing). Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core responsibilities such as operations, security and development function in dissimilar circles despite ostensibly working toward the same goal: a design flaw in the SDLC that results in siloization, unnecessary...

The Home Depot Breach Offers Key Lessons for Those Hoping to Avoid a Similar Fate

Retail stores (and especially big-box, multiple-store, nationwide retail businesses) face unique security challenges when adapting to advancements in the digital age. Whether you're talking about the Internet or the smart devices that made it mobile, as a result of their existence, big-name resellers collect tons of sensitive consumer information every minute of every hour of every day — and when you're collecting and transmitting that much valuable data, you can bet someone's putting big effort into trying to access it for nefarious ends. For proof, look no further than the...

The Scalability Challenge, Part Two: Maintaining Both Speed and Security in the Software Development Lifecycle

Speed kills, but so does slowness. Those six words go a long way in explaining the complicated relationship between speed and security, not to mention a classic trade-off problem in the development world: Every organization needs to secure the software it's developing, but none can risk slowing its software development lifecycle in the process. In a lot of ways, however, this problem is as old as the era that spawned it — one that didn't have anything resembling the tools or level of automation we do today. Back then, more testing really did mean missed time-to-market deadlines...

Stop Siloing! 3 Tips to Enhance Interdepartmental Communication

Like a lot of modern methodologies, DevOps is a set of practices and philosophies designed to alter the way we develop software. Unlike most other methodologies, however, DevOps puts a major emphasis on cooperation and communication, instead of focusing solely on nuts-and-bolts processes such as design and coding. If you've spent much time reading about DevOps, then you probably know all about how it encourages effective interaction between departments. What you may not know are DevOps-friendly strategies you can use to put an end to siloing and get your departments working toward a...

In Software Development, Speed and Security Don't Have to Be Mutually Exclusive

Mention security and testing to a group of young developers, and you'll likely hear a lot of groans. It's not that the current generation of Agile-minded code hotshots is careless; rather, it's that the culture at most companies is one of speed and achievement. It's easier to celebrate milestones than it is to celebrate a lack of something, even if that something is a lack of hacks. And often, there's a misconception that speed and security are mutual exclusives. As a recent Veracode webinar on "Why Developers Need to Think about Security" finds, when it comes to...

A Broad Look at DevOps: Why It Came to Be and How It's Changing the Development World

If you've been working in development long at all, you've probably heard the term "DevOps" kicked around quite a bit — and if you work in a non-technical capacity, you probably ask yourself what the heck it is every time you see the word. The problem with answering this question is the term means different things depending on who you ask. Like most industry buzzwords, the term has taken on a ton of tangentially related definitions over the years, making it hard to ascribe a single meaning to it without skipping over several others. The good news? Even without a...
