Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

What the shift to Agile means for your security team

Better security with Agile

A move to agile development can greatly improve the quality and security of software

    Renee Robinson Stromberg, Head of Tail-f Marketing

    Agile helps promote faster software development. Some of your business colleagues might fear that this focus on speed leads to a drop in quality. The good news for network service providers is that a move from waterfall to Agile development can actually improve the quality and security of software.

    Network service providers that adopt Agile must make security a core element of their approach. The successful move towards agility depends on a strong awareness of the cyber threat at every stage of the development process. The critical role of security in Agile creates a challenging but exciting opportunity for security professionals in your business.

    Understand how Agile is a new way of working

    A move to Agile is a big change for IT professionals, particularly security staff who might be used to working in a waterfall method. Rather than developing software through a series of sequential steps, Agile is an iterative process, where small groups produce results to short time frames.

    Some IT professionals fear this fast pace of development creates new challenges. They believe the fast style of Agile means bugs can be missed. In fact, the opposite is true – Agile provides structure and ensures quality.

    Think of the way software is developed in a traditional waterfall method. Employees in service providers often face Chinese walls. There are barriers between networking teams, security specialists and other areas of the business. These departments work in silos rather than as a single team, and business and technical demands are not communicated clearly.

    This lack of integration can create big security concerns. The security team that manages firewalls and detection intrusion might not work closely with network engineers. Potential issues can be missed as development moves to the next stage of the waterfall process. Security then becomes an add-on, rather than a core element of the development process.

    Service providers must instead look to bake security into every step of the software development process. Agile provides the means to move towards this integrated form of development. Rather than being an afterthought, security sits at the core of a great Agile approach – but you will need to work hard to ensure this crucial role is achieved.

    Focus on making security a core element of your Agile team

    The first crucial step is to ensure the right people are in the room. Agile relies on small teams who work together to develop products quickly. Bringing experts together helps prevent confusion and creates targets. Your Agile team should include key players, such as the product manager, network engineer, programmer and – most importantly – the security expert.

    Your next aim should be to understand how these skilled individuals work as an agile team to pull together a working prototype. The security expert should ensure project teams focus on cyber threats at each iterative step. A central role for security in an Agile team helps promote an end-to-end focus on potential risks. Rather than being an afterthought, the cyber threat is always present.

    This joined-up approach to development helps prevent loose ends in enterprise security. A lot of the errors in networking, for example, are tied to misconfigurations in access control lists. Another potential problem area is when an element of the security firewall becomes out-of-date.

    Agile helps reduce these risks by promoting end-to-end threat detection across the network. Service providers that adopt an agile approach understand potential security threats as they develop services for their customers. A joined-up strategy means your business is aware of any security concern as it hits the pipes, while it is in the pipes and even afterwards.

    Great tools are essential to helping security staff work effectively in an agile approach. The correct blend of technology and skilled professionals can help your business develop great software quickly. The three steps to Agile success are to make sure your service is tested, working and securely deployed into the network. The end result is a well-honed, well-targeted and well-produced service.

    Ensure you have access to the right skills in your team

    Be aware that great Agile specialists are likely to be in high demand. Programmers are an essential component of your Agile teams. Most of our successful customers also have access to network engineers who understand their specialist area deeply. These network engineers can then be taught basic programming to bolster their expertise.

    Security, however, is one area that cannot be easily learned. As we have seen above, a thorough awareness of the cyber threat plays a crucial role in a successful agile team. Service providers need security specialists who understand the risks and can talk clearly about the aims of their work.

    The key message is to look carefully across all aspects of the cyber threat. Remember that security is a crucial but niche subject area. Your business might not have access to top-level skills in-house. Service providers that do not have access to skills must reach out to external partners that do. Effective security partnerships can provide a great way to upskill your team and reduce risk.

    Potential sources of security expertise include consultancies, vendor partners and contractors. Working with external partners for security might seem like an unusual step, especially for firms that keep a tight grip on data. However, the key lesson is no one person can expect to stay on top of the fast-moving cyber threat.

    Timing is everything

    Network service providers also need to take advantage of real-time security updates. The cyber threat evolves on a daily basis. Blacklists and whitelists need to be constantly updated. Your business cannot afford to rely on static security rules. Make sure you use a real-time hosted solution that helps your Agile team keep its systems safe and secure.

    Security in the digital age is a moving target. The cyber challenges that your business faces are constantly shifting. The Agile environment that you develop must take the dynamic nature of security into account. The key to success is a continuous feedback loop that includes great processes and skilled professionals.

    Find out more

    Agile is a way to help your team develop great solutions quickly, but speed should not be confused with cutting corners. There are no shortcuts when it comes to managing the risks associated with cybersecurity. However, Agile can help your business develop more effective solutions to new customer demands. Find out how, here.