What's ailing enterprise software security management?

Date: Mar 08, 2013

What are the pain points in enterprise software security management? It's not technology; it's people. Enterprise application security is complicated by the number of business units involved, most of which have insufficient incentive to join requirements and ongoing vulnerability efforts. Scaling application security calls for an enterprise-wide vulnerability management strategy, a means for disparate teams to collaborate on security, according to Dan Cornell and John Dickson, both principals at the San Antonio-based consultancy Denim Group.

"The security group has one reporting line, and then there are multiple groups with other reporting pipelines," said Cornell, who is also the resident software security expert on SearchSoftwareQuality.com. "There are so many people you have to get on board, and many of them are not getting bonuses in this area. Security and vulnerability management is adjunct and remote to what they're doing."

Conflicts come up even before business units are brought into the security process, said Dickson. "The security group has been in charge, but the people who can effect change are in the software group," he said. Yet even at this level, where the need for collaboration is obvious, getting the security side to collaborate can be challenging. "It's a harsh reality when scaling development," he said. 

If there's a barrier between two groups or people, look to others to collaborate. Sometimes the choice should be made on personality, so tap into app security evangelists in software, IT and business units for first efforts at a cohesive security program. "Once one or two groups start to show success with collaboration, others get the message," said Dickson. For security architects and managers, as well as CIOs and CEOs, "convincing the units to work together is a sales job."
