Our corporate “Monster In Your Corner” theme really landed with me — when was the last time you heard the EVP of Development say something like that about a marketing campaign?
The “Monster in your corner” means you have the full force of CA Veracode’s scalable cloud-based service in your corner — backed by our world-class security experts — to help you reduce application-layer risk. The stakes are very high for executives like me. We either deliver innovative software on a timescale of relevance, securely — or we’re toast. Harsh, but true. Second, the “securely” part is — as we say in New England—“Wicked Hahd,” particularly if you try to go it alone. So, I feel like I need a monster in my corner.
Look, my customers are probably very similar to yours. They want new offerings and product enhancements fast — we’re a SaaS player so if we fail to meet their expectations, they shut us down — no renewal, no expansion, no reference — no IPO! Our team leverages Agile, DevOps, and AWS to meet customer expectations — and we leverage good security hygiene across the SDLC plus CA Veracode’s cloud-based service to do it rapidly and securely. Shameless plug alert — check out previous content by Pete Chestna and Chris Eng to learn how CA Veracode implements secure agile in our own development environment.
Application security is “Wicked Hahd” — and going it alone sets your Dev and Security teams up for failure. Security isn’t just another non-functional requirement like quality or performance. Not that quality and performance aren’t important or challenging in their own right, but neither involves planning for malicious intent in the face of focused cyber-attackers who don’t need to be right very often to cause significant harm to your enterprise. As a result, it’s not enough to ask developers to get more knowledgeable about writing secure code and/or to train them on a simple scanning tool. Better development security hygiene is no longer enough, given today’s AppSec threat landscape, because it’s the equivalent of bringing a pen knife to a gun fight.
So, I like the “Monster in Your Corner” theme because it suggests that those of us leading Dev organizations (and our CISO counterparts) need help (no, not psychological help, although there are days…) from experts on implementing enterprise-wide governance programs to reduce risk across web, mobile, legacy and third-party applications. The AppSec threat landscape has evolved to a point where the only way to set up your Dev team for success — you know, deliver timely innovation without sacrificing security — is by having a Monster in Your Corner. Honestly, this sounds so corny that I can’t believe I wrote it, but it’s true.
Look, it’s fair and reasonable to ask my development team to develop software with secure coding practices in mind, and to incorporate corporate security policy into “doneness” criteria, etc., all while going at a breakneck, Agile-at-scale pace. That said, it’s irresponsible not to give them access to a powerful, centralized AppSec platform with on-demand AppSec expertise to help level the ridiculously disproportionate playing field that they’re dealing with.