Where do you see the industry evolving when it comes to developing or deploying secure products from the start?

888 views · 1 Upvote · 3 Comments

Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees
At the end of the day, balancing security with user experience is what we want to do. And I think the only real good example of that today is Apple with Touch ID and Face ID. Everyone is used to that: you look at your phone and it automatically unlocks. So I think that's going to continue to evolve, whether it's some sort of biometrics or fingerprints, etc. I'm sure someday it will be some chip embedded in you, that's probably the future. I could see passwordless authentication where you're just getting Azure MFA notifications on your Apple Watch and you just have to click okay to authenticate.
Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees
The one big difference I've seen industry-wide in the last 18 months or so is the "shifting left" of security into the build process. When I'm doing architecture reviews of applications now, I'm doing the security review very early in the design phase of the app and not at the end when we're about to launch it. There was one review not too long ago where they were ready to launch an application when they asked me, "What do you think?" And I said, "Well, this is great, as long as none of our customers are in Europe or California." They looked at me like I was an idiot because that's where most of our customers will be. But it absolutely would have failed any privacy regulation we had to throw at it.

If you’re not doing the security review early on, you end up having to break someone's heart and tell them that their months of hard work need to be completely redesigned around how they're storing PII information, etc. So let's do it at the beginning so that I can help you with how to design and architect it.
CEO in Manufacturing, 11 - 50 employees
If you don't design the security aspects at the beginning, it's just so hard to go back and do anything. Then you're basically crushing someone's dreams because now they have to take what they’ve built and rebuild it in order to re-architect how it operates because it won't function the way it needs to be to be secure. 

Uber did some cool things as far as how they approached this. The whole point was to make it as simple as possible. Everything was about minimizing the number of steps drivers had to take to onboard or interact on the platform. But there were still the same problems that all of us face from a security standpoint; it was still multi-factor authentication. It's the same loops because there hasn't really been an innovation that has made it simpler.
