What is causing the disconnect between IT auditors and Web development?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
This is an interesting dilemma in the enterprise. There are plenty of disconnects between developers and the rest of the organization -- even those working in IT -- which can be detrimental to the business.
There's often a technical disconnect, whereby IT auditors, especially the less tech-savvy ones, are completely out of the loop on what Web developers do -- and help prevent -- in terms of security. There's often a business disconnect, whereby both parties have different goals. IT auditors' goal might be to have a clean Web security assessment report, while Web development's goal might be to provide the most functional or resilient application environment. Both goals are worthy, but they're often completely separate, which can create a divide between the groups.
There's often a business disconnect, whereby both parties have different goals.
There can also be a political disconnect, which is often the strongest and most divisive kind. It's a situation I've seen, one where everyone is looking after himself, protecting his own job and interests without seeing the bigger picture of what needs to be accomplished for the business.
IT auditors tend to have the ear of management, and Web development is often seen as just another techie function that runs itself with little need for support or resources. As a result, I've seen developers literally beg and plead for better tools (i.e., source code analysis and vulnerability scanners) and more security training, and it continually falls on deaf ears. Auditors, on the other hand, are able to document a problem and present it to management, and the needed support is quickly provided.
I don't think it's a malicious disconnect. No harm is meant. It's just the way auditing and Web development have evolved, likely due to auditing's continuous connection with management and development's isolation. Developers and IT auditors can certainly have either a positive or negative impact on one another. It pays to get to know each other and to learn what's expected of their roles.
Kevin Beaver asks:
How would you define the disconnect between IT auditors and Web developers?
0 ResponsesJoin the Discussion
Related Q&A from Kevin Beaver
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.continue reading
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.continue reading
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.