"Rebuilding Trust Between Developers and Security"

The demands of today's company Information Technology (IT) environments can cause conflict between developers and security teams, impeding the successful deployment of cloud security. Developers want to deliver features as quickly as possible, while security teams want everything to be as secure as possible, resulting in an ongoing conflict of interest. David Hendri, CTO and co-founder of the cloud security firm Solvo, has provided his ideas on how to reestablish the trust between developers and security through the development of a common language. According to Hendri, although developers and security teams both want what is best for their company, their respective guiding principles are fundamentally different. While innovation and security are equally essential, they occasionally conflict, causing these teams to encounter obstacles that could potentially be disastrous. In order to conform to the most recent security standards, for example, security leadership often introduces requirements without determining how these requirements affect the development process. Hendri says that they have done so many times that security teams have gained the title of 'regulator,' delaying the progress for which developers are striving. At the same time, developers sometimes disregard security as something to be addressed post-production, rather than implementing secure standards early in the Software Development Life Cycle (SDLC). CISOs can take steps to reduce friction between the two groups. This is an opportunity for CISOs to frame success to the development team in a manner consistent with company growth. For example, CISOs should emphasize that a product's inherent value is enhanced by its security, especially in an age where everything is digital. Prospective customers often seek products adhering to security regulations, which is a crucial purchasing factor. Once a fundamental culture has been created, CISOs should assess the processes in place and tactically integrate security into the SDLC. They should ensure that security professionals are included in the development and planning phases so that developers can comprehend what is required for secure code. This article continues to discuss Hendri's insights on how to rebuild trust between developers and security teams. 

BetaNews reports "Rebuilding Trust Between Developers and Security"

Submitted by Anonymous on