DZone talked with 25 IT security professionals and asked them how developers and security professionals can work together more effectively.
- Developers aren’t typically intentionally insecure in their approach — they just aren’t necessarily aware of organizational requirements or best practices. Another advantage of the security by design approach is that developers don’t have to be security experts, and security experts don’t have to worry about what developers might be doing. This gives IT leaders confidence their application network can flex to meet the changing demands being placed on it, at a speed which will keep the organization at pace with market forces. Teams can use visibility as the point of a shared objective. Visibility is great for security, but it’s also great for the business. The business wants to know what’s going on, they want to know who’s using it, they want to make data-driven decisions. Security wants that same data for a different purpose: they want to know who is using it to make sure that the data is safe and that only the right people have access to it. API-led connectivity provides a clear path to broad visibility.
- Developers have the attitude that “their shit doesn’t stink” – all of their code is secure. Check egos at the door for better collaboration with security. Talk about security and work together to solve the problem.