* By Amir Velho
How to minimize the risks in the application life cycle in the face of this equation
Over the last decade we have seen exponential growth in the role applications play in the success of companies. Who knew 14 years ago that we would abandon DVDs and Blu-ray (then recently released) to watch movies and series by streaming through apps? That we would stop buying CDs to listen to music on cell phones, in applications whose catalogs run to tens of millions of songs?
In 2019, around 400 billion apps were downloaded, providing an approximate turnover of US $ 190 billion in this market alone. It is estimated that more applications will be created in the next three years than in all of history.
Which makes us wonder: how are these applications created? Given the demand to create apps in an increasingly agile way, do their developers take into account the security of the users who download them? In a world increasingly concerned with data protection, this question cannot be left aside.
The secret is in automation. Ideally, an application's production pipeline - the coding and development cycle - should be automated and carry security parameters from the beginning, as early as coding. The later a problem is discovered, the later it is corrected, and consequently the cost of that correction will be higher than if the security parameters had been established from the start. This gets even worse if the incident becomes critical enough to culminate in data exposure.
Investing in security prevention throughout the application's life cycle reduces damage to image, brand exposure and financial expense.
In the current business scenario, companies have needed to diversify. How many cases, besides those mentioned at the beginning of this article, do you know where the company is the application itself? Until recently, in many cases the company was the product.
It is possible to diversify the services offered, and so more application development becomes necessary. As a result, the pipelines grow, and so does the need for care.
Optimization
I think there are three important factors to consider when creating an application: security, agility and scalability. In other words, to provide the agility and growth the market needs, securely in every step.
Generally, the IT companies responsible for development compromise on security to ensure agility. In their eagerness to have the application running to serve the consumer, they can make some mistakes:
They often assume that the production pipeline (the application's production process) is correct in every respect, but on closer inspection it turns out that security is compromised.
They still rely on many manual processes. For this to work, the process must be very well documented and the developer must be very good. But what if the company loses the developer? It loses the process! And it has to start all over again, spending time and money. This turnover of developers, and of the working methodology that goes with them, can certainly bring security problems too!
Security procedures are often not automated. Therefore, validations are not always performed in the same way, and standardization is not guaranteed.
And how can we resolve these issues?
I like to use the following equation from a security point of view: attack x vulnerability = incident.
If we manage to decrease the number of attacks on the application, we decrease the number of incidents. Likewise, if we manage to reduce vulnerabilities, we also reduce incidents.
By using the “Everything as a Service” (XaaS) model, that is, obtaining the best tools via the cloud and the best management as a service delivery, it is possible to correlate the attacks and security breaches monitored worldwide with the vulnerabilities of the applications in the development pipeline. Reliable protection methods are then created, frequently updated and improved.
Intelligence
For the best application development process, it is necessary to put automation intelligence into each step, from the beginning of the life cycle. Thus, at each input, rules and self-assessments are created, often using Artificial Intelligence itself.
With a well-structured tool, it is possible to assess whether the code is following a secure course. If there is a problem, pop-ups appear on screen and warn the developer, who can even access videos and literature showing the best ways to proceed with development.
This is the best way to get everything you need: agility, scalability and security. In the app age, these processes have become essential! Those who do not take them into account risk failing to evolve in an increasingly emergent digital landscape.
* Amir Velho, product owner focused on information security at Agility
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies