Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive.
Contributed by William Hurley, Senior Director of Software Lifecycle Services, Astadia
Cloud-Based Software Development Accelerates
Adoption and use of cloud-based software engineering platforms will accelerate in 2017. Teams have been working in the cloud for a few years now, but in 2017 the trend will gain far more momentum as senior engineering staff and service providers realize and document the benefits of cloud-based development. Adoption will not be limited to open source or Microsoft solutions, as all software engineering tool stacks are moving quickly to catch the adoption wave. Leading application lifecycle management companies are already delivering enhanced SaaS platforms for issue and backlog management, source code management, IDEs and testing, allowing for greater control among and between teams and environments. Well-integrated and managed SaaS software engineering environments can eliminate "well, it worked on my machine" and "we fixed that bug last release."
Organizations will discover that they have a great opportunity to reduce the cost and churn associated with installing, integrating and maintaining commercial and open source products on premises. Adopters of integrated cloud-based software engineering environments will see dramatically improved cycle times across the entire software development lifecycle.
I recommend that engineering teams evaluate their current software engineering environments and move to integrated SaaS engineering platforms to eliminate or control:
- Duplicate products and license costs.
- Internal or outsourced infrastructure delays.
- Manual, mundane and infrequent tasks.
- Zombie development and test environments.
- Nonstandard product, tool and library usage.
A New Focus on Layered Security and Defense in Depth Techniques
The rapid growth of cloud, mobile and IoT deployments will drive enterprises to reevaluate their security practices. The era of perimeter security is coming to an end because these newer technologies keep changing both the parties responsible and the accepted location of the perimeter.
Recent studies show that the time between a breach occurring and being detected is, on average, 229 days. As the number of partners and managed services providers grows, it is incumbent on the enterprise to understand the data journey and which partner is responsible for its security during collection, in transit and at rest.
Despite the challenges, cloud, IoT and mobile deployments aren't likely to slow down anytime soon, which is why 2017 will be the year when defense in depth and layered security become common practices. Enterprises have realized with all of the well-publicized security breaches that the risks to their brand reputation and financial well-being are simply too great.
These are two distinct and complementary strategies. Defense in depth uses physical, administrative and technical controls that support each other to slow down an attack until it can be ended. Layered security, on the other hand, looks at the various layers of the OSI networking stack. The most common layers may be the network and storage layers, but most see application layer security as the largest realm squarely under the responsibility of the enterprise.
That's why I predict we will see greater focus on security at the application layer. Development teams must stop thinking of security as an afterthought and integrate practices into application development from the very beginning.
About the Author
During his more than 20-year career, Will Hurley has ridden the crest of numerous software development and security waves. Mr. Hurley managed layered security initiatives for TBMCS and two national labs (LLNL and INL). After leaving the Air Force, he led startups and helped industry-leading companies identify, apply and adopt new application lifecycle models. As senior director for Astadia, Will helps clients achieve desired system and product lifecycle characteristics. He is a Level III Certified Acquisition Professional in Systems Engineering, Program Management. Will also holds a CISM from the ISACA and a QSA from the PCI Security Standards Council. For more information, visit http://www.astadia.com and follow Astadia at @AstadiaInc, Facebook/AstadiaInc, and LinkedIn/Astadia.
Mandiant, 2014 Threat Report, M-Trends, April, 2014