So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read.
The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some research:
“Findings and perspective on the current state of the cyber security challenge and three potential scenarios for the future, along with a set of individual and collective options that can foster cyber resilience and mitigate the strategic and economic impact of cyber security threats. Session is based on research by McKinsey & Company and the World Economic Forum.”
I found the research report online at the World Economic Forum website. One of the more interesting questions asked in the survey was about which organizational actions would have the most impact in reducing the risk. The ‘winner’ was integrating security into the technology environment to drive scalability. That action is considered a game changer by 38% of the respondents, and 47% said it has a significant impact. That’s a whopping 85%.
The point it seems that many business executives miss is that their technology environment is mostly software. As our founder, Chris Wyspal, likes to say “The world’s largest enterprises are increasingly finding themselves in the software business.” Software is the technology that is developed most rapidly (think agile development) and deployed most rapidly (think devops). Software is the technology that creates and interacts with the data which organizations need to protect. Software is the technology that gets attacked most frequently.
We know! We’ve been working at it since we were founded. Making this easier is the core principle that drove how we designed our cloud platform. It’s why Chris Eng presents about Real-World Agile SDLC to share the best practices we’ve learned. It’s why we offer services like eLearning, developer coaching and program management in addition to APIs and Plugins to integrate with developer tools.It isn’t easy to integrate security into the software development process in ways that drive scalability.
Software development and developers need to be security-smart. It’s an effort worth doing – according most of the CISOs and other executives interviewed by McKinsey for the World Economic Forum report.