Embrace new technologies, only if …

In today’s software development world, new technologies are always around the corner. Application development frameworks appear to be on a mission to release a new version every year, if not more often. New web technologies are born every few months or so, deprecating their ancestors and introducing capabilities that were previously out of reach. New technologies are typically made with the intention of empowering software makers to do more, possibly with less effort, and of making life easier for developers and, ultimately, end users. Progressive organizations naturally follow this trend, and their IT is constantly on the lookout for ways to improve their application environments by using the latest advancements.

With so many technology options on the table, the decision-making process for adopting a new technology is not straightforward, as you can imagine. Not to mention that many of the new technologies are designed to be integrated with each other, opening a whole new set of possibilities. Looking at the security dimension alone, every technology has its own strengths but almost certainly brings along its own risks. In other words, there is no one-size-fits-all technology for all organizations and the environments within them. Every application has its own specific requirements, both functional and non-functional.

Using the right technology in the right place is key to optimizing the software development life cycle, minimizing the overhead of future fixes, and decreasing the risk surface of the organization. Making a sensible technology adoption decision, however, is only achievable through an in-depth analysis of the proposed technologies and an evaluation of them against the applicable requirements. The analysis must address different angles of the application requirements, from functional features to non-functional requirements, namely “security”.

We, at Security Compass, offer a Technology Security Analysis service for the very purpose described above. Our software and security experts work with the clients as a team to guide them through the technology adoption process. The final goal of this collaboration is to identify the technology or the configuration, often from a list of candidates, which is the best fit for the client’s security and other associated requirements. Our engagements typically include the following phases:

  • Requirements Analysis;
  • Technology Review;
  • Technology Analysis; and
  • Conclusions and Recommendations

For more information on our Technology Security Analysis, please visit our service overview page.
