Home » Security » Can you trust your software?

This is a question we’re hearing being asked more and more these days. Most people think that breaches only happen to small, insecure organizations – without defined policies. However, the participants in this Verizon study were some of the largest multinational firms out there. These companies take security seriously– oftentimes having dedicated teams focused solely on security— and have made significant investments in this area. And yet they were still breached. Clearly something is broken, when these guys can’t keep their data safe.

Today, software is everywhere; everything is automated, everything is interconnected. With the proliferation of software, it is accessible and available for everyone, and as a result, there are many opportunities for hackers to cause havoc.

Users consume applications on premise, on demand and the on the go. Think about a typical daily scenario: you’re at work: you check your Outlook on a thick client (desktop), you go out to dinner: you check your Outlook on your Blackberry, iPhone and any other smart devices, and finally you go home: you check your email via Outlook for the browser or your Gmail personal account.

Companies have to write their applications for different platforms, OS’s and browsers. In many cases, it’s the exact same application instantiated in different ways for different devices. The line between enterprise and consumer applications get blurred, just as work/ home life bleeds into each other.

Software development, in general, has always been complex. There are different teams working on different modules for the same application.

However, due to customer demands of a “Anytime, Anywhere” world, software development has become even more complex, nuanced and matrix-ed. Now, different teams can work on even the same module based on the different device or platform that it’s built for. Due to this complexity, engineering has become even more specialized, i.e. you have an iPhone, Blackberry, Mac, Firefox, etc. developer. So following the Outlook example, you may have a team just focusing on rebuilding the Outlook functionality for the iPhone. And that team could be based out of any geographical location!

So how do you ensure that all your sources of software development meet the stringent quality and security standards that your customers expect?