Over the last several years, there has been a shift in the development of software from a traditional waterfall approach to an agile approach. At the same time, cybersecurity is a hot-button issue for almost every company. As such, enterprises should be thinking about how cybersecurity impacts software development in an agile workflow. Here are just a few things to consider:
Take Advantage Of The Cloud
The cloud offers high levels of security, and companies are increasingly moving to the cloud to take advantage of this. Part of the beauty of the cloud is that it doesn’t take a large investment of upfront capital. The consumption model that many cloud providers use makes good financial sense for most companies, allowing them to develop their software in a secure environment.
Microsoft Azure, for example, offers a wide range of products across an entire ecosystem, allowing enterprises the flexibility they need to choose the tools and development environment that will work best for them, without compromising security in the process. (Disclosure: My employer is a joint venture between Microsoft and Accenture.)
This broad range of services across an ecosystem should be an important consideration for organizations choosing between different cloud providers. When doing evaluations, enterprises should compare not only the hosting costs of on-premises environments but also the incremental costs of securing them.
Another very important aspect of security in agile development is the proper categorization of data. It’s crucial that developers take a close look at the data and how it is used or processed, and determine the correct category for it. Many companies are taking the time to get very detailed in their data categorization, with levels ranging from confidential to restricted to high business impact and more.
In contrast, some companies are instead declaring all their data to be within the highest restriction levels without diving deep into its relative level of risk. This opens companies up to possible security dangers: They aren’t able to assess where security resources realistically need to be focused because they’re focusing on everything at once. By taking more time with data categories, companies are able to take a slower and more critical look at their data risk.
Even in markets like financial services and health care, where high regulatory standards require the meticulous protection of data and information, there are still ways to create distinct categories of data for heightened security.