Industry Watch: Security first and foremost

by Jeremy

The SolarWinds and Colonial Pipeline hacks have brought security to the fore of software development. Once again. And again, our “thoughts and prayers” go out to the customers of those companies, and the companies themselves, harmed by the attacks. I say this because, not unlike the mass shootings that plague America — and please, do not mistake this metaphor as the conflation of killings and software breaches — we seem unable to get a handle on either.

In both cases, I place the blame at the feet of the industries. Clearly, the gun industry has a vested interest in weapons proliferation, despite the human cost. In software, our industry has an interest in giving people the tools they need to move more quickly, pounding the business users of their platforms and devices with messaging that if they don’t deliver software faster, fickle humans will leave the store they love for another whose website responds a couple of seconds more quickly, or who can provide a package to your doorstep a few hours sooner.

Some might call this sinful, biting the hand that feeds us. That is not what this is meant to be. I am awed by the changes I’ve seen covering this industry for more than 20 years. Who could have even envisioned the cloud, Kubernetes, edge computing, or Infrastructure as Code back then? Yet, for all the advantages the cloud provides, we never saw the kinds of damaging hacks and data losses we’re seeing today when applications were run in on-premises data centers behind firewalls. With code that didn’t rely on calls to so many outside services, the attack vectors were minimal. Ransomware? Millions of social security numbers and credit card numbers stolen? Unacceptable and almost entirely preventable if our industry took security as seriously as it does speed to market.
