Agile is beyond a buzzword at this point — it's a way of life. And Agile Scrum methodology is getting there, but its frenetic pace and hyperspecialization of tasks are still novel to many companies. With Agile Scrum's recent advent and rapid gain in popularity, security teams are scrambling to catch up with developers. Not only does this no-huddle offense leave little time to talk about anything but the task at hand, it further complicates the secure development and testing phases that are so critical to building safe, quality software.
Just as more NFL teams here in the United States follow college football's lead in switching to an up-tempo, no-huddle offense, more and bigger companies are implementing Agile Scrum methodology to build software faster and more efficiently — and with fewer misunderstandings between those asking for products and those building them. The advantages are clear: more specialized tasks lead to fewer bugs and misunderstandings, and daily team meetings clarify problems before small bugs in an Agile team's process turn into larger problems.
Scrum teams are even lighter on their feet than traditional Agile groups; they work on dedicated tasks for short bursts known as "Scrum Sprints" in which they routinely complete projects in two weeks or less. Such speed can be a dream come true for a development team — but for many security teams, it's a nightmare. It can take traditional security solutions more time to test code after it is written than it takes to build entire products in Scrum development.
As a result, secure development practices are often compromised or eschewed in many Scrum-style coding frenzies. Just as no-huddle offenses leave defenses gasping for breath and totally confused about where to be and what to do, Scrum makes rapid progress at the expense of thorough security testing. Few security solutions can keep pace with the quick turnarounds and fragmented development techniques of Scrum.
This is hardly a good excuse for failing to rigorously test and secure all new applications, however. After all, speed is nothing without control. Everything gained through the flexibility and agility of Scrum can be erased by one security blunder, so alleviate that drawback with an up-to-date and comprehensive security solution. Let security software designed for Agile and Scrum take care of it, since building security into your work queue will negate the speed benefits of Scrum and be cursory at best.
Instead of arguing over whether the best defense is a good offense or vice versa, have both. Your software will thank you.