By William Hurley from Astadia

Adoption and use of cloud-based software engineering platforms will accelerate in 2017. Teams have been working in the cloud for a few years now, but in 2017 the trend will gain far more momentum as senior engineering staff and service providers realise and document the benefits of cloud-based development. Adoption will not be limited to open source or Microsoft solutions, as all software engineering tool stacks are moving quickly to catch the adoption wave.

Leading application lifecycle management companies are already delivering enhanced SaaS platforms for issue and backlog management, source code management, IDEs and testing, allowing for greater control among and between teams and environments. The elimination of “well, it worked on my machine” or “we fixed that bug last release” can be achieved by well-integrated and managed SaaS software engineering environments.

Organisations will discover that they have a great opportunity to reduce the cost and churn associated with installing, integrating and maintaining commercial and open source products on premises. Adopters of integrated cloud-based software engineering environments will see dramatically improved cycle times across the entire software development lifecycle.

Recommendations

I recommend that engineering teams evaluate their current software engineering environments and move to integrated SaaS engineering platforms to eliminate or control:

  • Duplicate products and licence costs.
  • Internal or outsourced infrastructure delays.
  • Manual, mundane and infrequent tasks.
  • Zombie development and test environments.
  • Nonstandard product, tool and library usage.

A New Focus on Layered Security and Defence in Depth Techniques

The rapid growth of cloud, mobile and IoT deployments will drive enterprises to reevaluate their security practices. The era of perimeter security is coming to an end because these newer technologies keep changing both the parties responsible and the accepted location of the perimeter.

Recent studies show that the time between a breach occurring and being detected is, on average, 229 days. As the number of partners and managed services providers increases, it is incumbent on the enterprise to understand the data journey and which partner is responsible for its security during collection, in transit and at rest.

2017 common practices

Despite the challenges, cloud, IoT and mobile deployments aren’t likely to slow down anytime soon. This is why 2017 will be the year when defence in depth and layered security become common practices. Enterprises have realised with all of the well-publicised security breaches that the risks to their brand reputation and financial well-being are simply too great.

These are two distinct and complementary strategies. Defence in depth uses physical, administrative and technical controls to slow down an attack until it can be ended. The defences support each other to slow down the attacker. Layered security, on the other hand, looks at the various layers of the OSI networking stack. The most common layers may be the network and storage layers. However, most see application layer security as the largest realm squarely under the responsibility of the enterprise.

Security as the first step

That’s why I predict we will see greater focus on security at the application layer. Development teams must stop thinking of security as an afterthought and integrate practices into application development from the very beginning.

 


During his more than 20-year career, William Hurley has ridden the crest of numerous software development and security waves. Mr. Hurley managed layered security initiatives for TBMCS and two national labs (LLNL and INL). After leaving the Air Force, he led startups and helped industry-leading companies identify, apply and adopt new application lifecycle models. As senior director for Astadia, Will helps clients achieve desired system and product lifecycle characteristics. He is a Level III Certified Acquisition Professional in Systems Engineering, Program Management. Will also holds a CISM from the ISACA and a QSA from the PCI Security Standards Council. For more information, visit http://www.astadia.com and follow Astadia at @AstadiaInc, Facebook/AstadiaInc, and LinkedIn/Astadia.