Security and the Qualities of Innovation
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  innovation application security appsec
0 Comments | 2,698 Visits
It's something we talked about a lot at Pulse this year. There was a time when new technologies would come along and it would be the responsibility of the security team to basically say "beware!" or "no!" However, we are seeing a significant shift in this approach. Security professionals can no longer say "no," because being competitive in today's market means being able to confidently adopt these new technologies. When we think about the qualities that come together that make something an innovative technology we often talk about things like ease of use and adoption, better performance, scalability, automation, deep analytics, the list goes on.
However, as the computer industry has matured over the last twenty years, so has the market for criminal activity. In the recent IBM X-Force 2010 Trend and Risk Report we saw a dramatic increase in the number of sophisticated, targeted attackers. It seems like we can't go one week without hearing a major news story about a data breach. But that does not mean that this is the time for companies to say "no" to adopting new technologies, to innovating, because of the potential risks associated with them. Sure, we need to be smart about how we approach things like clouds, and which workloads we put where, but what we are really seeing is that companies are adding one more capability to the list of qualities inherent in real innovation. Security.
Nowhere is this message more clear than in the application development space. Web applications account for about half of all vulnerability disclosures, and what we see is likely just the tip of the iceberg. That said, nobody wakes up in the morning to go out there and write a bunch of really porous code that's going to put users at risk. That is why IBM offers a set of tools that use a combination of dynamic and static testing to find the vulnerabilities in code and help you to remediate them. It's not just about security though. It's about building and designing a better application from start to finish. It's security helping you innovate.
To that point, this year security will have a really exciting agenda at Innovate 2011 and I would encourage any of you to attend who have an interest in this space. We'll have experts from all over the company including Rational, Tivoli, GTS, Research and X-Force. In the below podcast, Brian Moran talks a little about what you can expect to see at Innovate this year.
Listen: Download Link (mp3)