How To Fight Friction Between Security and Development Teams


There is a lot of discussion these days about the need to reduce or eliminate friction from customer experiences, whether it’s easing the process of finding and buying products online, slashing wait times to reach customer service representatives, speeding up delivery, or other efforts.

But what about addressing another kind of friction, the kind that exists between the software development and product security teams at organizations? Eliminating this friction isn’t just about making the development environment a more pleasant place to work; in a broader sense it’s about enabling organizations to produce more secure products.

Friction can ultimately cause members of development organizations to be out of sync. Security teams are under pressure to ensure that products hit the market without flaws and vulnerabilities that can lead to breaches. Their work is predicated on a security-first philosophy, and anything that goes against that is seen as a negative.

Development teams, on the other hand, are under pressure to write code and deliver quality products to the market as quickly as possible. Anything that gets in the way of that goal is viewed as a hindrance to productivity and success.

While security teams expect developers to take on more of the burden of security, developers don’t understand why they are being asked to do additional work on top of what they’re already doing. Given these two viewpoints, how could there not be friction when these two units come together?

As in other cases where there is friction, the two sides can end up avoiding each other. They stop communicating, or at best communicate sporadically or poorly. And if the security and development teams stop collaborating or are working at odds with one another, that could lead to big problems for the organization as a whole.

Friction can end up causing delays in product delivery, in some cases because products in the latter phases of the development lifecycle need to be revised continuously. It can also lead to insecure products, which in turn can result in data breaches and other incidents.

Research firm Ponemon Institute has noted that organizations are at risk when application security and development teams lack a common vision for delivering, in a secure manner, the software capabilities the organization needs. There needs to be a fundamental agreement that security is integrated throughout the application development process, the firm said.

The existence of friction between security and development factions reinforces the need for automating security as part of the software development process. If it’s easier to implement security controls from the very beginning of the development lifecycle, in a way that does not burden the development team, that will reduce friction and at the same time increase security.

Security cannot be viewed as an afterthought, nor should it become burdensome to the development team. With the right tools in place, teams can identify and address possible vulnerabilities long before a product reaches the production phase. Greater harmony between security and development teams results in fast delivery of secure software.

Rezilion and GitLab CI together make it possible to eliminate friction between security and developers so you can innovate faster. Learn more about how our partnership is transforming DevSecOps and start your free 30-day trial today by visiting https://www.rezilion.com/sign-up-for-30day-free-trial/.
