Access and Feeds

Security: The Expensive Afterthought of not Designing for Security Up-Front

By Dick Weisinger

Security continues to be an afterthought in the development of new technologies.

Ten years ago, Larry Dignan, editor in chief at ZDNet, had this observation about what the top priorities are for developer and customers:

Software Developer Priorities

Cook up applications quickly;
Gain massive distribution;
Get people to install it;
Monetize it.

Customer Priorities

Save money;
Ease of use;
Ease of installation;
Enable the business somehow (and save more money).

Security doesn’t show up on the list.  Unfortunately, things haven’t changed much in ten years.

Over the last year there have been numerous stories about the problem of IoT devices, even medical devices, which have little or no security and can be easily hacked.  There were, for example, articles in Wired, ZDNet, ComputerWeekly, and this article with the clever title “The S in IoT is for Security”.  The bottom line is that the world of IoT devices is suffering a security crisis.

But it isn’t just IoT. A report by PureSec recently reviewed the state of security in Serverless Open Source Applications.

Ory Segal, co-founder of PureSec, said that “personally, I was surprised by the fact that application security still seems like an afterthought when it comes to serverless architectures. It’s as if everything we’ve learned about application security in the past 20 years didn’t quite stick, or perhaps folks didn’t think it was relevant in the case of serverless.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *