For example, you might invest heavily in automating your testing process to make your developers more efficient. Sometimes, investments can also be misplaced, causing your team to miss out on the expected value. Other things matter, too: Is the path to proposing, testing and deploying changes always open when an urgent need arises? Even if the path is open, what is the minimum time from creating a branch until deploying to production? A uniform change management process that supports new features and security patches alike can help. Another project might need improvements to code review and merge workflows to clear the path to high-certainty, timely security responses. Carrying out updates should feel routine for both developers and security professionals at your organization. For example, a better staging/CI pipeline might provide the certainty to apply patches. Understanding how security practices interact with (or conflict with) core business needs will help you implement effective strategies that mitigate risks and (finally!) allow you and your team to meet both security and business goals. A lost revenue incident can shake certainty around quickly applying updates for years. For example, there may be fear around patching because a past update halted operations while developers hunted for a root cause. Building this understanding can reveal why ‘obvious’ security-centric practices fail to occur. You’ll also need to understand how the business uses its websites – and measures success on those sites. Understanding these situations takes more than purely technical knowledge. Namely, there’s usually a conflict between the ‘obvious’ security improvement and getting other work done. However, when security seems to have obvious gaps, there’s often another explanation lurking, usually tied to business value. Out-of-date systems are problematic on their own.
Start with a mindset of curiosity, and you can find the practical problems that hold up security fixes being deployed. Rather than charging in to demand why patches have not been installed, you should find out what the approach is and why updates have not been put in place yet. Perhaps the website is on an outdated version of its content management system, or a plug-in is missing a critical update. Just like your doctor may advise you to stop smoking or exercise more, your security strategy should include basics like patching vulnerabilities and controlling access to services and data. At this point, you may already find some situations that frustrate you. Like a trip to the doctor for an annual checkup, there are some security basics that apply to everyone. Here are some areas you can focus on to improve your team’s approach and ensure that you support the business effectively. In WebOps, improving security involves understanding how people work and the psychology behind why decisions get made. For example, you may rely on your website team to make updates and keep things secure. Multiple stakeholders across your organization share responsibilities as part of a website operations (WebOps) process. You cannot hold everything together alone, though. This means that managing security for website infrastructure is critical to a growing proportion of businesses. Businesses rely on their digital channels to serve customers more than ever, either directly through e-commerce sites or indirectly through providing information and customer support. According to the Centre for Retail Research, more than a quarter (26.5%) of retail activity took place online in the UK in 2022, with similar growth in countries like Germany (19.6%) and the US (18.8%). Business increasingly takes place online.