According to the World Quality Report, IT Security is the most pressing concern for CIO’s. It is understanding given many of the recent issues with email hacking, stealing of customer information such as credit card information, and identity theft. Our society is so connected through the internet and devices that information is widely available and can be stolen, if individuals and companies are not extremely careful. Information was contained in applications behind corporate firewalls so IT security was fairly isolated and controlled. With information being stored in multiple locations including the cloud and shared across all kinds of applications and devices, it is easier for that information to be stolen. The amount of data that is being stored and distributed is also a concern since there is a lot more information available.
Historically companies have not spend a whole lot of money or resources to ensure IT information is protected. Most companies didn’t have dedicated resources who were responsible for IT security. If something was needed, it would be contracted out to consultants. That has changed and companies now have dedicated employees who are responsible for IT security. Digital transformation and more IOT devices will demand more focused attention. It is important for CIO’s and IT executives to remember that the reputation and continued company success is highly dependent on protection of data.
IT security is protected using a combination of static code analysis, dynamic security testing, and penetration testing. There are many tools on the market today that will help with IT security. There is more attention and dedicated security testers in the last few years. My current company has 2-3 testers who are responsible for dynamic code scanning. With an increase in better technology and tools it makes security testing much easier than it was 10 years ago. Automated security tools are required in the area of IT security.
I hope this information has been helpful.
If you would like more information on Agile, DevOps or Software Testing, please visit my Software Testing Blog or my Software Testing YouTube Channel.