Virtualization Technology News and Information
Mind the Pace Gap: Risks of Neglecting Security Practices

In today's tech-driven world, IT professionals face numerous challenges. Two of the most prominent ones are the need to release new content quickly and ensure that it doesn't have major security flaws. 

For example, when a popular app has a history of frequent software updates, the developers can meet customer requests and give people the impression that they're committed to making the app the best it can be. Those are good things. 

But, unfortunately, development teams sometimes release their newest versions so quickly that there is not enough time for security professionals to ensure they're free from problems. The security professionals may not even hear about new releases until after they happen.

When the security team is fully aware of a new development project and can take the time to ensure it's secure and reflects all security protocols, the product is "sanctioned." However, there are cases when a department may launch an app without ever communicating with the security department. It's then considered "unsanctioned."

Unsanctioned Apps Cause the Pace Gap

Oracle coined the term Pace Gap to describe the difference between the timelines that the development team and the security team follow. Because development moves faster than the time required to secure an app, a gap results. As you can see from the image below, the pace gap can persist for several months.

 

Source: https://blogs.oracle.com/cloudsecurity/closing-the-pace-gap

A breach may even involve an unsanctioned app, leaving security team members scrambling to deal with the matter far more than they would if they had been aware of the new app.

The SecOps Gap Is a Related Matter

Oracle is seemingly the sole company that uses the Pace Gap terminology to describe this problem. However, there is another problem, known as the SecOps gap, that gets described very similarly. It occurs when the Security and Operations teams are not kept abreast of each other's activities. The two teams also don't share a mutual understanding of goals, priorities and challenges.

What Consequences Could These Gaps Have?

If an app arrives on the market without security team members checking it for vulnerabilities and ensuring it meets security protocols, the user experience could drastically decrease, especially if some people have their private information stolen.

Also, since every individual within an organization must take responsibility for IT security, any unsanctioned apps could ultimately have ramifications for a company's reputation by making people doubt its commitment to security.

How Can You Mind These Gaps?

The easiest way to address the pace gap is for security and development teams to speak to one another from the beginning. Oracle even recommends devoting one month to planning for security-related concerns before app development starts. After that, the Security and Development teams work together so that they stay informed throughout the process.

 

Source: https://blogs.oracle.com/cloudsecurity/closing-the-pace-gap

It's also valuable to get everyone on the same page regarding what issues a pace gap can cause. For example, a pace gap can trigger problems related to identity and access management, regulatory compliance and more. Those things may be especially likely to happen with a product existing in the cloud. When people have a clear understanding of the risks that gaps cause, they'll understand the team effort required to mitigate them. 

If company leaders doubt that the pace gap is a severe problem that must get addressed, IT team members should attempt to show them the link between business performance and poor security practices.

If an app gets released quickly but eventually causes the company to receive a fine or deal with a data breach because of preventable weaknesses, any momentum the company hoped to gain is lost.

Never Treat Security as an Afterthought

Companies cannot close the pace gap quickly, but one effective way to tackle it is to stay consistently concerned about security. Failing to view it as a priority could introduce avoidable problems.


About the Author

Kayla Matthews 

Kayla Matthews is a tech-loving blogger who writes and edits ProductivityBytes.com. Follow her on Twitter @productibytes to read all of her latest posts! 
Published Wednesday, January 22, 2020 7:15 AM by David Marshall