4/22/2016

Developers Shouldn't Be Responsible For Security - Forbes

APR 21, 2016 @ 12:34 PM

Tom Gillis

CONTRIBUTOR

I write about directions in cloud, security and enterprise computing.

Opinions expressed by Forbes Contributors are their own.


An interesting “separation of church and state” conundrum is bubbling up in the software industry. While the new public cloud model demands that developers take ownership of security, there’s still room and reason for security controls to become an entity handled on their own—separate and transparent from the developer.

Historically developers have focused on developing software, not on configuring a security posture, but that model has changed of late. In today’s dev-ops world, everything has converged. The software developer has become responsible for many operational aspects, including security. A lot of this change stems from the rise of the self-service model. Developers go to AWS and they’re on their own; nobody else is in charge of security. Therefore, software developers have to think about security—how do I set up access control, how do I set up security groups, and how do I encrypt data, or not? Security controls are built into the developer workflow.

As I see the world evolving, I believe IT needs will drive us back to a paradigm where security controls are independent of developer activity. There’s a strong appetite on the part of customers to have a set of controls that are managed independently of developers and operations. I think that’s a good thing.

Why is separate good? Because security requires focus. The job of developing software requires tools and capabilities that are different from the job of designing security tools and enforcing them. And organizations can hold each party accountable for what they are focused on—developers rapidly produce new business logic, while security teams balance risk and efficiency to keep the enterprise safe.

New technological advances will enable this shift back to putting control in the hands of central IT. As the hybrid cloud evolves, we’ll see a whole class of controls that are totally transparent to the developer. These controls are like an invisible fence that you have in your yard—your dog can run all around the yard, but when Fido tries to run out of bounds, the fence stops him. This invisible fence enables developers to launch servers, create new databases, and test their applications—but the data is always going to be encrypted. Residency and access control policies will be enforced, and the developer doesn’t need to think about those things or have the ability to make mistakes that defeat those capabilities. Security will live on a plane that is almost orthogonal to the plane of the developer.

These advances will be applied through automation. Automated security products that are tightly integrated with infrastructure can provide the assurances that customers need, underneath the tools that developers use. Developers can then launch their servers and put stuff out there, but the security team can be assured that their compliance requirements, data residency requirements, and key rotation policies are all going to be met. By making the security controls fully automated and transparent, they will never get in the way of the application developer, allowing both groups to achieve their objectives—to provide rapid new application development and security assurance.

http://www.forbes.com/sites/tomgillis/2016/04/21/separate-is-good-developers-shouldnt-be-responsible-for-security/#774963737560


