In application development, the sole focus on delivery speed has created a vacuum when it comes to offering business value.
The missing component in this dynamic is risk — which is all about regulatory requirements, compliance, and privacy, to name a few. However, the teams that are responsible for generating security policies and controls around risk are often seen as barriers to fast delivery.
Unfortunately, the fallout from ignoring these concerns leads to bigger business problems like reputational damage, extensive rework, and resolution costs. It is far better to balance speed with risk from the beginning instead of ignoring it or trying to inject security after code is written.