While shadow IT was always a challenge for enterprise IT teams, it rapidly started to accelerate with the growth of the smartphone, and then cloud computing with the incredible expansion of public cloud infrastructure and software as a service offerings that made it as easy as providing a credit card to access a cloud service. Today, shadow IT has spread beyond smartphones, tablets, and cloud services and is rapidly extending into the domain of the enterprise developer.

The trend could create profound risks for enterprise security teams if these shadow, or citizen, developers, aren’t reined.

To read this article in full, please click here

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?

What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.

To read this article in full, please click here

There’s been considerable talk in recent years about the importance of cybersecurity information sharing. After all, few organizations can really work in a vacuum and no single organization can see all of the threats laying in wait on the internet.

And many CISOs find it helpful to share notes with others in their industry to compare which strategies and practices work best and compare program maturity levels. But the nearly two-decade effort to share such information hasn’t been smooth.

Many organizations are wary of sharing sensitive cybersecurity information, especially with governments. Not only can such information jeopardize the security posture of an organization, it can damage customer impressions of a company and even affect stock values.

To read this article in full, please click here

As enterprises struggle to keep up with their internal demand for mobile apps, more are turning to more speedy development workflows, such as the Minimum Viable Product (MVP) , which essentially calls for mobile development teams to focus on the highest return on effort when compared to risk when choosing apps to develop, and features to build within them. That is: focus on apps and capabilities that users are actually going to use and skip those apps and features they won’t.

Sounds simple, but what does that mean when it comes to security? We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance needs to be along for the process. 

To read this article in full, please click here