In a tech industry marked by explosive growth, expanding rosters and exorbitant license fees, scalability doesn't just mean growing to accommodate changes as they come — it's also synonymous with survivability.
Take the act of adding new software development roles, something any reasonably successful software company is doing a bunch of these days. Every relevant employee or role within an organization can mean a new layer of security concerns. Onboarding is a major consideration, especially as it applies to bringing in new engineers. By the same token, adding new security execs and hiring third-party vendors can have a drastic effect on security operations.
Fortunately, managing new people and roles in an expanding company isn't much different from handling other scaling security concerns. While it'd be impossible to list all the potential software development positions a company might add as it grows, here's a look at three common roles and ways to securely scale for them:
As the backbone of any software project, developers and engineers are arguably the easiest roles to add to a growing organization. That does not, however, mean there aren't security concerns related to bringing new ones on board.
Developers are prone to making errors while they acclimate to their new employers' way of doing things, and catching and remediating those errors can tie up significant resources. It's a problem that scales with the number of developers hired, especially considering the ever-increasing trend toward employee specialization. In other words, coaching that helps one developer might be useless for the one in a neighboring cube.
When it comes to finding and reporting errors, automation is a huge help, as is offering on-demand training and coaching. Because you aren't manually testing and reviewing every developer's code, remediating on a large scale becomes easier. At the same time, giving your devs access to the same training resources allows them to learn about specific issues when they need help most, meaning the info is more likely to stick and carry over to subsequent projects.
The automated testing that makes training developers easier can significantly improve performance in security-related software development roles as well. Many benefits of cloud-based security platforms come down to continual testing and reporting combined with the on-demand training mentioned earlier: Instead of leaving security folks to notice patterns and act on trends on their own, an automated system can point them in the right direction, giving them a starting point as they look for weaknesses and decide on action plans. The platform also has systems in place to ensure easier, more efficient communications between security and engineering professionals, further cutting time and cost from "baked in" tasks.
This all comes together to make consistent policy enforcement easier, which cuts down the amount of time spent fixing thematically similar errors. Better yet, the platform can automatically search for weaknesses in a company's digital perimeter (including outdated or forgotten applications), reducing the need for more security personnel and freeing those who are already on the payroll for more important tasks.
Interactions with third-party vendors are a way of life in today's development world: The larger the scope of your project, the more third-party components it's bound to contain. This basic fact makes consistent policy enforcement a difficult task.
Proprietary issues with source code are a good example of what this can mean. Generally, companies must rely on manual testing and on-site, vendor-provided tools — two solutions that only get more expensive as the overall amount of testing grows. CA Veracode's platform, on the other hand, doesn't need access to source code in order to test it, so in-house and third-party code are held to the same standards regardless of a project's size.
Automation also gives first-party companies new avenues for performance tracking, a major concern for organizations that work with third-party vendors. By simply having tools to track improvement areas, a hiring company can motivate its third-party partners to turn in better code the first time around, which is another concern that becomes more expensive with every line of code a vendor contributes.
Some so-called "growing pains" (read: additional costs) are unavoidable when a business expands. Others, such as scaled-up security measures, don't need to be more expensive, even when new employees or whole new teams are being brought into the fold. The keys, as ever, come down to promoting efficiency through automation: When tasks can be handled by off-site machinery, there's more time for those in software development roles to perform other, more critical jobs. While the circumstances behind every business's growth (not to mention every business's needs) are different, that's something toward which every organization can aspire.