What is causing the disconnect between IT auditors and Web development?
This is an interesting dilemma in the enterprise. There are plenty of disconnects between developers and the rest of the organization -- even those working in IT -- which can be detrimental to the business.
There's often a technical disconnect, whereby IT auditors, especially the less tech-savvy ones, are completely out of the loop on what Web developers do -- and help prevent -- in terms of security. There's often a business disconnect, whereby both parties have different goals. IT auditors' goal might be to have a clean Web security assessment report, while Web development's goal might be to provide the most functional or resilient application environment. Both goals are worthy, but they're often completely separate, which can create a divide between the groups.
There can also be a political disconnect, which is often the strongest and most divisive kind. It's a situation I've seen, one where everyone is looking after himself, protecting his own job and interests without seeing the bigger picture of what needs to be accomplished for the business.
IT auditors tend to have the ear of management, and Web development is often seen as just another techie function that runs itself with little need for support or resources. As a result, I've seen developers literally beg and plead for better tools (i.e., source code analysis and vulnerability scanners) and more security training, and it continually falls on deaf ears. Auditors, on the other hand, are able to document a problem and present it to management, and the needed support is quickly provided.
I don't think it's a malicious disconnect. No harm is meant. It's just the way auditing and Web development have evolved, likely due to auditing's continuous connection with management and development's isolation. Developers and IT auditors can certainly have either a positive or negative impact on one another. It pays to get to know each other and to learn what's expected of their roles.
Kevin Beaver asks:
How would you define the disconnect between IT auditors and Web developers?