{"id":212401,"date":"2021-09-24T08:50:25","date_gmt":"2021-09-24T00:50:25","guid":{"rendered":"https:\/\/techwireasia.com\/?p=212401"},"modified":"2021-09-23T17:47:48","modified_gmt":"2021-09-23T09:47:48","slug":"only-a-third-of-developers-truly-understand-the-security-policies-they-work-with","status":"publish","type":"post","link":"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/","title":{"rendered":"Only a third of developers truly understand the security policies they work with"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Robust security policies are critical to the safety of companies &#8212; not just for the systems in which their data are stored, but also for their staff.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As such, the relationships between the development and security teams have a major impact on organizations, especially in terms of benefits.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">They include increased collaboration, more secure applications, increased agility, and continuous compliance. Security teams also need to rethink their processes to further embrace the teams they support.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, as security professionals work to create a secure environment for organizations, developers are often left out of security planning processes. Unfortunately, developers, instead, are tasked with carrying these procedures out.\u00a0<\/span><\/p>\n<h3><b>The development-security divide<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Due to this typical arrangement, a fractured relationship between development and security arises.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While senior leaders are more focused now on development and security relationships, a Forrester report showed that one in three leaders do not effectively collaborate or work to strengthen relationships.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Commissioned by VMware, the report, titled <\/span><a href=\"https:\/\/news.vmware.com\/releases\/new-forrester-research-reveals-deepening-divide-between-developer-and-security-teams\"><span style=\"font-weight: 400;\">Bridging The Developer And Security Divide<\/span><\/a><span style=\"font-weight: 400;\"> by Forrester Consulting sought to evaluate the relationship between IT, security, and development teams, and how organizations are working to ensure a strong security posture via Zero-Trust.<\/span><\/p>\n<h3><b>Key findings affecting security policies<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The survey polled 1,475 respondents, with five interviews with IT, security, and development managers and above (including CIOs and CISOs) with responsibility for development or security strategy decision-making to explore how the divide between developers and security teams can be bridged.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It was found that, despite efforts, teams continue to struggle with negative relationships and a lack of empathy while often failing to include development teams in security strategy and planning.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Aside from negatively affecting the overall security policies of companies, the gap between these teams has far deeper implications and effects on the individuals within them.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Firstly, 45.1% of developers believe they are involved in planning. However, only 37.8% of security professionals include these developers in strategy planning.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Development teams are often heavily impacted by the applications and tools chosen by the security team, as they are not involved in the decision-making process.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But what\u2019s very worrying is that only one in three (38.4%) developers reported that they are thoroughly educated on the security procedures they are expected to execute. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">This indicates that the remaining developers do not go through the proper educational process for newly updated security policies within their organization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To make it worse, when handling workload protection, 29.1% of development teams are not included in the decision-making &#8212; even though this decision can affect up to 92.5% of their daily work.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Additionally, 52.4% of developers felt that security policies sometimes stifle innovation.\u00a0<\/span><\/p>\n<h3><b>Fixing mindsets<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">According to VMWare, this disconnect between security teams and software developers hinders initiatives like Zero Trust implementation and securing the cloud.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Zero-trust is a \u201cnever trust, always verify\u201d security model that <\/span><a href=\"https:\/\/techwireasia.com\/2021\/07\/do-apac-businesses-really-need-zero-trust-cybersecurity\/\"><span style=\"font-weight: 400;\">acknowledges every device on the network as a threat<\/span><\/a><span style=\"font-weight: 400;\">. As such, every point of entry will require identification and authentication, boosting the security profile of the system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As such, it is imperative that organizations try to improve collaboration between developers and security teams to beef up their security policies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cOur research shows that security needs a perception shift,\u201d said Rick McElroy, principal cybersecurity strategist, VMware.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cRather than be seen as the team that only swoops in to fix breaches and leaks, or who \u2018gets in the way\u2019 of innovation, security should be embedded across people, processes, and technologies\u201d, he added.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">McElroy also believes that security needs to be a team sport and that a culture where all teams have shared interests and common goals or metrics, and where they speak one language &#8212; is developed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThere\u2019s overwhelming value to the business when IT, security, and developers are all part of the decision making, design, and execution.\u201d<\/span><\/p>\n<h3><b>Bridging the divide for better security policies<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Shared team priorities and engagement will pave the way forward &#8212; but thankfully, there\u2019s already progress being made on this front. Over half of respondents expect security and development teams to be unified within three years, and 42% expect security to become more embedded in the development process in that same period.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There\u2019s a broader acknowledgment, too, that cross-team alignment empowers businesses to reduce team silos, create more secure applications, and increase agility to adopt new workflows &amp; technologies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Overall, VMWare suggests that organizations take three approaches to ameliorate this. The first is to involve developers in security planning as early and as often as possible.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The second is to \u201cspeak the language\u201d of the development team, instead of the other way round.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Thirdly, KPIs should be shared and communication increased to improve relationships. Lastly, security should be automated where it can to improve scalability.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Robust security policies are critical to the safety of companies &#8212; not just for the systems in which their data are stored, but also for their staff. As such, the relationships between the development and security teams have a major impact on organizations, especially in terms of benefits.\u00a0 They include increased collaboration, more secure applications,<a class=\"excerpt-read-more\" href=\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/\" title=\"ReadOnly a third of developers truly understand the security policies they work with\">&#8230; Read more &raquo;<\/a><\/p>\n","protected":false},"author":631,"featured_media":212405,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[24,2804,6,2372,10449,10],"tags":[2701,2838,2431,3169],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Only a third of developers truly understand the security policies they work with - Tech Wire Asia<\/title>\n<meta name=\"description\" content=\"Robust security policies are critical to the safety of companies -- not just for the systems in which their data are stored, but also for their staff. As\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Only a third of developers truly understand the security policies they work with - Tech Wire Asia\" \/>\n<meta property=\"og:description\" content=\"Robust security policies are critical to the safety of companies -- not just for the systems in which their data are stored, but also for their staff. As\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/\" \/>\n<meta property=\"og:site_name\" content=\"Tech Wire Asia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techwireasia\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-24T00:50:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-23T09:47:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techwireasia.com\/wp-content\/uploads\/2021\/09\/shutterstock_552355783-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TechieKitteh\" \/>\n<meta name=\"twitter:site\" content=\"@techwireasia\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/techwireasia.com\/#website\",\"url\":\"https:\/\/techwireasia.com\/\",\"name\":\"Tech Wire Asia\",\"description\":\"Where technology and business intersect\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/techwireasia.com\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/cdn.techwireasia.com\/wp-content\/uploads\/2021\/09\/shutterstock_552355783-1.jpg\",\"contentUrl\":\"https:\/\/cdn.techwireasia.com\/wp-content\/uploads\/2021\/09\/shutterstock_552355783-1.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/#webpage\",\"url\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/\",\"name\":\"Only a third of developers truly understand the security policies they work with - Tech Wire Asia\",\"isPartOf\":{\"@id\":\"https:\/\/techwireasia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/#primaryimage\"},\"datePublished\":\"2021-09-24T00:50:25+00:00\",\"dateModified\":\"2021-09-23T09:47:48+00:00\",\"author\":{\"@id\":\"https:\/\/techwireasia.com\/#\/schema\/person\/d8e97bea45593c4c9b0c7c6066bd7e31\"},\"description\":\"Robust security policies are critical to the safety of companies -- not just for the systems in which their data are stored, but also for their staff. As\",\"breadcrumb\":{\"@id\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/techwireasia.com\/2021\/09\/only-a-third-of-developers-truly-understand-the-security-policies-they-work-with\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/techwireasia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/techwireasia.com\/tag\/cybersecurity\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Only a third of developers truly understand the security policies they work with\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/techwireasia.com\/#\/schema\/person\/d8e97bea45593c4c9b0c7c6066bd7e31\",\"name\":\"Jamilah Lim\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/techwireasia.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9b60e008809cafe7ef692e8969ffbbba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9b60e008809cafe7ef692e8969ffbbba?s=96&d=mm&r=g\",\"caption\":\"Jamilah Lim\"},\"description\":\"Jam (she\/they) is the editor of Tech Wire Asia. They are a humanist and feminist with a love for science and technology. They are also cognizant of the intersectionality of the above with ethics, morality, and its economic\/social impact on people, especially marginalized\/underdeveloped communities.\",\"sameAs\":[\"jamilahlim\",\"https:\/\/twitter.com\/TechieKitteh\"],\"url\":\"https:\/\/techwireasia.com\/author\/jamilah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","meta-shares":{"featured1":["no"],"featured2":["no"],"featured3":["yes"],"featured4":["no"],"featured5":["no"],"classic-editor-remember":["classic-editor"],"_edit_lock":["1637830969:638"],"_edit_last":["631"],"dfiFeatured":["a:1:{i:0;s:0:\"\";}"],"_yoast_wpseo_focuskw":["security policies"],"_yoast_wpseo_linkdex":["75"],"_yoast_wpseo_content_score":["30"],"_yoast_wpseo_estimated-reading-time-minutes":["4"],"primary-tag-meta-box":["2701"],"story-series-meta-box":[""],"story-series-featured":["no"],"twitter-post-meta-box":[""],"twittertwo-post-meta-box":["It's time that security and development teams collaborate better - but how?"],"twitterthree-post-meta-box":[""],"facebookone-post-meta-box":["While senior leaders are more focused now on development and security relationships, one in three leaders do not effectively collaborate or work to strengthen relationships. This needs to change."],"facebooktwo-post-meta-box":[""],"video-post-meta-box":[""],"writer-meta-box-dropdown":["Jamilah"],"_yoast_wpseo_primary_category":["2372"],"_thumbnail_id":["212405"],"bs_social_share_facebook":["0"],"bs_social_share_twitter":["0"],"bs_social_share_linkedin":["0"],"bs_social_share_reddit":["0"],"bs_social_share_interval":["1641640523"],"meta-shares":["31"],"meta-readers":["50"]},"_links":{"self":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/212401"}],"collection":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/users\/631"}],"replies":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/comments?post=212401"}],"version-history":[{"count":1,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/212401\/revisions"}],"predecessor-version":[{"id":212404,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/posts\/212401\/revisions\/212404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/media\/212405"}],"wp:attachment":[{"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/media?parent=212401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/categories?post=212401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techwireasia.com\/wp-json\/wp\/v2\/tags?post=212401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}