October 17, 2014

What Microsoft's Agile Development Plans Mean for Application Security

Waterfall development has been a staple of technology's largest software houses for decades, but now even the most blue-chip tech firms are considering more nimble approaches. Agile development has proven its power over the past few years, and Microsoft looks to be shifting its development process to take advantage of its benefits. One of those benefits is the opportunity it gives CISOs to easily integrate security testing into their development processes, ensuring their apps are as secure as possible at a time when information security is only growing in importance.

A More Agile Microsoft

Microsoft appears to be moving toward a development methodology that is better suited to the rapidly shifting nature of the cloud- and mobile-application markets. As detailed in the Wall Street Journal, Microsoft CEO Satya Nadella has indicated a desire to adopt a more agile approach to development. The CEO specifically noted that within a cloud environment, it makes sense for developers, instead of a separate team, to test software, although the company did not comment on whether or not this was part of a larger shift toward Agile development across the board.

In an Agile environment, the development team focuses on releasing frequent, small updates to an application instead of the larger, infrequent updates that have been used in the past. The issue is that cloud-based and mobile apps have to be able to shift with fluid market conditions in order to stay current. A yearlong development cycle no longer works, because by the time an application goes live, the concepts that have driven the release or update are woefully outdated. Agile development solves this problem, while at the same time integrating development and operations into a stronger team for a better, more responsive product.

Microsoft is far from the first large company to give Agile methodology a chance, but it is a sure sign that as more and more businesses look to mobile and the cloud as their primary development platforms, they will find that agility is required.

Integrating Development and Testing

The shift toward Agile development will almost certainly provide such benefits as deftness and speed to market, but it also grants an opportunity for CISOs to ensure that applications are prepared for today's security challenges. Because Agile methodology integrates testing into the development process, enterprises no longer have to wait until the application passes out of development and into testing to see if there are security issues present.

Enterprises can choose to run security checks on code as it is being developed, using "white-box testing" to see if any known vulnerabilities exist. Utilizing a policy-based approach here, such as one governed through a cloud-based security solution, will not only result in more secure applications, but is also much more cost-effective than solely scanning applications near the end of the Software Development Life Cycle.

The right security vendor can also scan third-party and open-source code, ideally using the binaries instead of the source code, to ensure that any outsourced parts of a finished application adhere to the overall security policy.

Since all of this is done during a shift toward Agile methodology, additional scans don't have to be presented as extra steps that development must add to existing workloads, but rather as part of a more holistic approach to meeting existing security standards. These early scans will also help CISOs identify when developers are using less-than-ideal application architecture, and can open the door for a broader discussion across the enterprise regarding application security.

Microsoft's latest moves show that the cloud and mobility are necessitating a shift toward Agile methodology, but at the same time these new tech foundations are signifying the importance of solid application security. If customers are trusting their identities or businesses to a company's cloud or mobile app, they have to be assured that it's secure. Luckily for CISOs, the adoption of a development paradigm perfect for this new tech reality is also perfect for an increased focus on security.


Shawn Drew has spent the last five years helping businesses understand the difference that technology can make for their internal processes, external connections, and bottom line. He specializes in all things cloud computing and security, and hopes to impart some knowledge on how the two can be combined to enhance the inherent benefits of each. His work has been published on the websites and blogs of a number of technology industry leaders, such as IBM, Veracode and Boundary.
