Intelligent CISO Issue 31 | Page 41

EXPERT OPINION

Proactive application security strategies for uncertain times

As cybercriminals take advantage of the fear and uncertainty surrounding the pandemic, it’s crucial that organisations ensure the software they build and operate is secure – despite reduced resources. Adam Brown, Associate Managing Security Consultant, Synopsys, talks us through the steps organisations can take to improve their application security programmes to protect organisational data and that of their customers.
In 2020, organisations have been faced with the prospect of months of staffing and business continuity challenges. Concurrently, cyberattacks by opportunistic hackers and cybercrime groups looking to profit or further disrupt society are on the rise. Organisations must ensure the software they build and operate is secure against these increasing attacks, even as their available security resources may be decreasing.

And a remote workforce is only one of the challenges organisations face in terms of securing their digital properties and sensitive data. While many companies want to invest in security, they may not know where to start. After all, it’s a challenging endeavour to identify where and how to secure your most valuable or vulnerable projects.

It’s a daunting task. However, by tactically addressing their security testing capacity, staff skills and software supply chain risks today, organisations can respond to resource challenges now while fundamentally improving the effectiveness of their AppSec programme going forward. Here’s how.
Establish a benchmark and mature your strategy
Get started by gathering a full understanding of what your organisation’s security activities involve. The Building Security In Maturity Model (BSIMM) is not a how-to guide, nor is it a one-size-fits-all prescription. A BSIMM assessment reflects the software security activities currently in place within your organisation, giving you an objective benchmark from which to begin building or maturing your software security strategy.

The BSIMM, now in its 11th iteration, is a measuring stick and can be used to inform a roadmap for organisations seeking to create or improve their SSIs, not by prescribing a set way to do things but by showing what others are already doing.

Previous years’ reports have documented that organisations have been successfully replacing manual governance activities with automated solutions. One reason for this is the need for speed, otherwise known as feature velocity. Organisations are doing away with the high-friction security activities conducted by the software security group (SSG) out-of-band and at