Long Tail Security Focus Kills Products in Engineering
The last 25 years have exposed old and new cybersecurity patterns. There is a primal draw to the hot and elite threat actors, to the detriment of common security events. Based on my experience, historically building cloud service providers and commercial products, and today having worked with over 300+ deployed cloud subscriptions and 100s of products, there is a practical cybersecurity method that prevails to achieve that ‘perfect balance’.
Strategy around deploying resources, human and technical, is paramount to winning in the market and to simply having the best working environments. The better our strategy, the better we are able to focus those vital engineering hours where they will benefit your customers the most.
Technical debt
The transformation of legacy products into cloud-enabled and cloud-native ones has exposed the technology to entirely new cybersecurity considerations. The shift in risks, technology, markets, laws, and businesses (through acquisition and divestiture) created an extreme challenge for the product engineering teams. Namely, with the need to develop at speed amidst these transitions, we, the cybersecurity engineering teams, bolstered the products with security features. Balance, deployment priority, and work patterns became paramount.
This is dictated by the technical debt of those environments: everything from networking and routing to agents installed within the system. Fixed IP addresses in scripts and static user credentials are not uncommon. The landscape here can be mitigated through close partnership with these engineering groups and, opportunity permitting, pre-deployment architecture efforts.
We built these paradigms
We determined that there is a spectrum, and that within every product development cycle attention and care were required to ensure our products launched with the care and confidence expected by our customers. The foundation of our programs was built upon the core elements and worked at speed, across different development windows, and globally.
The slippery slope is in deciding how many risks truly matter: is EVERY risk presented as a nation-state actor? It is convenient to say everything applies, but that is impossible to meet. Products need the market to decide their value, and we must bring such products to market quickly to gain that feedback.
Questions to consider
How do you balance your security requirements with product teams?
What risks do you include in the Minimum Viable Product world?
How can you deliver products at scale that meet industrial security requirements, while balancing the tidal wave of cyber controls?
You can see online how I break down this strategy from RSA on my public pages. As always, your feedback and additions are welcome!
- Current state of relevant security controls vs. long tail
- Case study of product engineering success and transformation
- Cloud and products details
- Sharing of risk model and balancing process
- How we engage leadership — marketing, CEO, and product teams
- Lessons
- Practical methods
Learn more about me at my homepage at www.jamesdeluccia.com, LinkedIn, follow me on Twitter @jdeluccia, and soon listen on my podcast and Alexa skill briefings in the coming weeks!
About Me
I am a father, student of human behavior, strategist, cybersecurity veteran, and a coach and mentor on a journey to give more than I receive every day. I lead teams globally, build products, and am daily an executive for a leading company where I serve the largest companies in the world using the largest cloud deployments in the world, impacting the financial services, healthcare, and fintech industries. I provide these publications and content through my media agency to deliver insights and advantages. Mindset, mental strength, mentorship, personal improvement, health, fitness, and humanist ideas are drawn from personal research and practice. Everything read and heard is my original work and my own perspective. All rights reserved for noted authors and sources. I produce research and strategy, as well as provide advisory services that include inquiries, briefings, consulting projects, and presentations on published findings, as well as bespoke speaking engagements where I often keynote at conferences, seminars, and roundtables annually.