Balancing Speed and Security in Software Development
The rise of agile methodologies has resulted in faster, more responsive development.
Faster isn’t always better, though.
Security threats are a growing problem, and pushing too hard for fast development can leave an app vulnerable to attack.
The leadership team has to find strategies to maintain the balance between speed and security.
Rise of Agile Development
The roots of agile development can be traced back well before the Agile Manifesto was first drafted in 2001.
Business owners were becoming frustrated by inefficient development practices that drew the process out over as much as a decade.
A distressing number of projects wound up obsolete before they were even finished.
The Waterfall Method was meant to provide a more flexible planning structure, but in practice it failed to deliver on that promise.
Gartner described the situation neatly: “CIOs are under pressure to support fast-evolving digital business scenarios but are finding traditional project and development methods unsuitable.”
Enter agile development.
Agile supports fast, iterative software development that allows developers to fine-tune features in response to feedback.
It’s a lightweight, adaptable solution.
Its benefits are so clear that 95% of developers use at least some agile methodologies (up from 80% in 2011).
However, speed isn’t the only thing that needs to be considered.
Growing Security Threats
If there’s one thing that can damage a company’s reputation faster than a product failure, it’s a data breach.
31% of consumers affected by a major data breach will abandon a company, and 65% report less trust in the company’s ability to handle their personal information.
A major security breach does more than lose public trust; it can be devastating to a company’s bottom line.
Yahoo’s 2012 data breach caused the company’s value to drop an estimated $1 billion.
Even a minor incident can cause a stock drop of 5% or more.
Despite the very real threat of malicious activity, companies aren’t taking the proper precautions to protect their apps.
Nearly 75% of apps produced by contractors and Software as a Service (SaaS) providers fail to protect against the OWASP Top Ten, a list of the ten most critical security flaws that no software should have on delivery.
Sometimes these flaws are oversights. 80% of executives say the demanding pace of app development makes it hard to know what’s safe and what isn’t.
Other times, testing is trimmed to almost nothing in order to meet tight deadlines.
Either way, security flaws put the company at more risk than the fallout from a late product release.
Finding Middle Ground
83% of CIOs say they need to balance security concerns with meeting market deadlines.
To find that sweet spot between quality and speed, keep these four tips in mind.
Choose a developer with a good security record. Taking the lowest bid for a project without checking past projects is a gamble leadership should never take.
Make speed and quality equal priorities. Bugs compromise security, and since fixing a bug after release is four to five times more expensive, sloppy testing procedures can cost more than faster development saves.
Use agile testing tools and test case management solutions. There are testing tools specifically designed for agile development, and using these makes development faster as well as more secure.
If the timeline is very short, don’t take shortcuts in testing. Instead, cut time by cutting features that can be added in later updates. This will have the added benefit of letting user feedback shape the scope of those new features.
The Best of Both Worlds
If you’re working with a quality software developer, speed and quality don’t have to be mutually exclusive.
Emphasize the importance of security, and be willing to hear suggestions for how to cut time without cutting corners.
With these precautions, your company won’t be one of the 1,000-plus data breaches expected in 2017.