Shawn Drew

Shawn Drew has spent the last five years helping businesses understand the difference that technology can make for their internal processes, external connections, and bottom line. He specializes in all things cloud computing and security, and hopes to impart some knowledge on how the two can be combined to enhance the inherent benefits of each. His work has been published on the websites and blogs of a number of technology industry leaders, such as IBM, Veracode and Boundary.
Posts by Shawn Drew

AppDev Priorities Show Issues With Security

March 26, 2015

Insight into the world of application development shows interesting and promising trends. Agile development's popularity is increasing, and developers are finding real gains as a result. However, as the line between development and operations continues to blur, it can be easy for established security best practices to fall by the wayside. It's up to the application development community...

How a Third-Party Compliance Policy Can Save Your Business

March 23, 2015

It's nearly impossible for modern enterprises to avoid third-party software and outsourced code. But as hackers and thieves continue to focus on the software layer, it's becoming increasingly important for every enterprise to develop a process for addressing their outsourced or third-party software, which must include a third-party compliance policy. Without one, enterprises leave...

Point-of-Sale Fail: How to Find the Right Retail POS Vendor

January 29, 2015

There's a massive gap between perceived and actual security, especially when it comes to point of sale (POS) — and, as the recent surge in retail security breaches demonstrates, retailers that fail to recognize this gap are paying the ultimate price. The fact is this: Even though securing customer information has become a paramount concern for many CISOs, retailers don't always have...

Where Cybersecurity Insurance Falls Short: Securing Against Third-Party Risk

January 27, 2015

A spate of high-profile security incidents over the past few years (and the damaging fallout from those incidents) has caused many enterprises to turn toward cybersecurity insurance for protection against business-damaging scenarios. The problem? Many insurance programs fall short when it comes to one of the riskiest aspects of modern technology: dealing with the software and systems of third...

The Yahoo Security Breach: Third Parties Are the New Weak Links

January 12, 2015

As traditional enterprise perimeters become increasingly difficult for hackers to break through, they are turning their attention to the new weakest links in the chain. A handful of recent security breaches that affected Yahoo prove just how dangerous third-party software can be, and that an enterprise can take all the blame for security vulnerabilities in software that it had little to do with....

How Third-Party Software Failures Can Expose a Business

January 7, 2015

Investigations into security breaches over the past year show it's more important than ever for third-party security to be an integral part of every enterprise security policy. A recent security lapse at Lowe's occurred because of a third-party vendor's failure, yet the home-improvement giant was left scrambling to pick up the pieces and repair its reputation. As IT grows and...

Citroen's Adobe ColdFusion Exploit Highlights Third-Party Issues — and the Solution

December 30, 2014

In early 2014, Citroen found itself stuck in the middle of an IT security incident. Hackers had taken advantage of a vulnerability found in Adobe ColdFusion — the third-party web-development platform on which the French auto manufacturer relied. And though the company's own servers were never breached, Citroen was forced to conduct damage control, informing the public that things were...

Safety Check: Methods for Analyzing Third-Party Security

December 9, 2014

With almost every software development team now utilizing open source code, outsourced development, commercial-off-the-shelf (COTS) software or some other form of outsourced software, the need to understand proper third-party security has never been greater. The gamut of methods for analyzing third-party software runs from robust solutions that check for true application security to others so...

True Code Security Requires Smart Software Development

November 17, 2014

No CISO in today's environment is going to allow a system to exist without solutions designed to prevent attacks, usually at the infrastructure or operating system (OS) level. But such solutions are naturally limited when it comes to attacks made directly against an application, and those limitations are leaving systems around the world even more vulnerable. True code security has been...

For Proper Supply Chain Security, Conquer the Basics of Managing Outsourced Code

November 6, 2014

Traditional network perimeters have hardened over the past decade due to a greater understanding of the importance of security at the developer level and the natural evolution of security tools. However, modern business practices have led to an explosion of outsourced and third-party code being used within any given enterprise, and hackers are shifting their targets toward these applications. For...
