I am the father of two children and I have been managing the development of software projects for a long time, and the ever-present explicit or implicit question is “Are we there yet?”, which is another way of saying “How much longer till we get there?”.
It should be an easy question to answer. You know how many miles are left to drive, you have the map, and you know the speed limit. However, you may not know about traffic or construction on your route. And it turns out your children have a different perception of time. So the question keeps being asked.
Unfortunately, many software development projects don’t even know the destination, let alone how many miles are left to drive. They are always running into traffic and road blocks, the speed limit is unknown, and sometimes there is no map.
To mitigate these problems, many different approaches to the development process have been created; e.g., Waterfall, Spiral, Agile … These approaches attempt to define the process that will give you a map that leads to your destination. Related to these are quality management processes such as Six Sigma, ISO 9000, Total Quality Management, CMM and ITIL. At the next level down there are many approaches to designing software, such as Structured Programming, Object Oriented Programming, Design Patterns, Functional Programming, and a myriad of variants. There are also a number of techniques for Quality Assurance testing, including black box, white box, regression, functional, and system testing.
As an organization you need to choose which of these methodologies make sense for you. The size of the organization, the type of projects, the current team members and the culture might dictate different approaches. The key to them all is to be able to set expectations and then meet those expectations.
The good news is that most organizations attempt to address how Quality Assurance fits into the development process. Many now realize that quality cannot be tested into a product; it needs to be part of the specification, design, and implementation phases as well.
Unfortunately, security is often the orphan child. It is either not addressed at all or it is only addressed at the end of the project. You can’t test security into the product. Just like quality it must be specified, designed, and implemented into the product/project.
So how do we know how long it is going to take to get there?
- Do we know the destination?
- Do we have a map?
- Do we know about traffic jams, construction, or road blocks?
- Do we have alternate routes if there is a problem?
- Do we have alternate destinations if all paths are blocked?
- Do we know when we should just cancel the trip?
You need to be able to answer these questions in order to have a successful project.
These concepts about the process of developing applications can also apply to the process of designing your IT infrastructure. When evaluating the software to put on the network you need to come up with criteria that address not only the functionality but also the quality and the security of that software. One needs to look at the whole environment to address the operational needs, keeping in mind quality and security. Savant Protection adds to security within the organization without sacrificing operational goals.
Savant Protection offers a flexible, low impact, easy to deploy, easy to manage layer of security that blocks unauthorized software, stops zero day attacks, prevents the creation of advanced persistent threats, prevents key loggers from running, and eliminates the need for many system rebuilds. It does this by automatically creating and maintaining an implicit whitelist of all executables on each computer system. It is a simple and effective layer of security that will only allow a process to run if it is on the whitelist.