By Sean Arrowsmith
I’ve recently been working closely with a couple of our key clients – one a large financial services company and the other a large broadcast media firm. It has been really encouraging to see that they are now focusing on security in the software development lifecycle.
For many years the security industry has been championing the approach of ‘baking in security’ from the very start of software development. It now finally seems that the marketplace is beginning to really pick up on the significant benefits of considering security early and not as an afterthought when things have gone terribly wrong.
I’m definitely not saying that all companies fail to take a proactive approach to software security. However, very often resource limitations, time constraints and the drive to get products to market as quickly as possible leaves little room for a focus on security during the development lifecycle.
What companies now seem to be realizing is that a security breach will override any commercial pressures and result in an instant brake in proceedings. In the worst case scenario, businesses can lose millions of dollars in planned revenue, lose their customer’s sensitive data and even make front page news for all the wrong reasons.
A key question regarding this development is: Why now?
I believe that software has now become vital to business operations. Furthermore, the more business devices increase, the more these devices must connect via software. Software is no longer a component required to launch specific and sometimes siloed platforms, but the infrastructure that businesses require in order to operate on a day-to-day basis. This business necessity is the deciding factor with regard to considering security.
For me, software development lifecycle security delivers the following benefits:
- Fixing security issues early and often avoids any reliability issues
- An increased visibility of security posture throughout the entire development lifecycle
- Avoids the significantly higher costs of addressing security problems post release
- Significant return on security investment
- And, finally, as a result of all of the aforementioned…fewer security incidents!
Sean Arrowsmith is IRM’s commercial director. He is responsible for agreeing, achieving and maintaining all of IRM’s commercial relationships. He has over ten years of experience in the information security industry – meeting the requirements of various industry sectors, such as retail, banking, gaming and gambling, healthcare and the public sector. His expertise lie in understanding C-level individuals' concerns and the desire to transform their company’s information security function.