Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to get security right when embracing rapid software development

Andrew Storms, VP of Security Services, New Context | Sept. 3, 2015
Five steps to reduce risk while moving to continuous updates

If the sprint’s allocated stories are completed early, more work can then be pulled in. That said, don’t let others push unplanned work on the team. Agile programming requires team agreement to complete a specific amount of work in a specific time frame.

* Work across departments. When departments move together rapidly, tensions will inevitably rise. Security should be brought into the fold so these issues don’t cause speed bumps. Sales teams, marketing teams, or teams invested in the end product need to have an equal seat at the table. Planning should be a collaborative effort among all stakeholders.

* Separate duties and systems. Often, as companies attempt to embrace rapid acceleration, a need for separation of duties may arise as just one of many compliance requirements. Only select employees should have access to production and test systems.

* Work as a team. Ensure everyone understands the company’s compliance and controls requirements. Be creative to ensure requirements are met without creating speed bumps. Also, consider how controls could be automated. Finally, check with your auditor to make sure what you’ve implemented meets the requirements.

Security will always be a concern with development, and that concern only intensifies when processes speed up. As long as your teams work together, communicate clearly, know their places and expectations, and hold one another accountable, you can hasten the development process while keeping security fears at bay.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.