Application Security as part of IT Governance
Applications and computer systems are usually developed for functionality first, not security first.
To get the best of both worlds, security and functionality would have to be designed and developed at the same time. Security should be interwoven into the core of a product and provide protection at different layers. This is a better approach than trying to develop a front end or wrapper that may reduce the overall functionality and leave security holes when the product has to be integrated with other applications.
Today, network and security administrators are in the overwhelming position of having to integrate different applications and computer systems to keep up with their company’s demand for expandable functionality and the new gee-whiz components that executives buy into and want implemented quickly. This integration is further frustrated by the company’s race to provide a well-known presence on the Internet by implementing web sites with the capabilities of taking online orders, storing credit card information, and setting up extranets with partners. This can quickly turn into a confusing ball of protocols, devices, interfaces, incompatibility issues, routing and switching techniques, telecommunications routines, and management procedures—all in all, a big enough headache to make an administrator buy some land in Montana and go raise goats instead.
On top of this, security is expected, required, and depended upon. When security compromises creep in, the finger-pointing starts, liability issues are tossed like hot potatoes, and people might even lose their jobs. An understanding of the environment, what is currently in it, and how it works, is required so these new technologies can be implemented in a more controlled and comprehensible fashion.
The customer front-end, complex middleware, and three-tiered architectures must be developed and work seamlessly. As the complexity of this type of environment grows, tracking down errors and security compromises becomes an awesome task.