
Application development cost rises



Wednesday, June 13, 2007, 23:42
This news item was posted in security application development category and has 0 Comments so far.

Application development experts assume that making their software more secure increases the cost of tools and lengthens the time it takes to get an app out the door. That isn’t necessarily true, according to studies from Gartner and others, which show that integrating security best practices into the software development lifecycle reduces overall costs by increasing efficiency and boosting customer satisfaction.

For many companies, however, that kind of ROI could be a long time coming. The immediate challenge is to break the cycle of releasing software with security vulnerabilities, which anger customers, whether internal or external, and are costly to fix after the fact.

Although many software vendors have long recognized the advantage of securing the application layer in development, there’s new focus on the problem. That’s partly because network-based attacks have been brought under control through now-mature technologies such as firewalls, intrusion prevention and other network-based control mechanisms. “People are now attacking through applications, because it’s easier than through the network layer,” says Forrester Senior Analyst Michael Gavin.

When application security is viewed as a business enabler, organizations can now use a broader perspective to measure its total value and evaluate ROI. To varying degrees, all secure web applications realize returns based on:

  • increased revenue
  • reduced costs
  • improved policy compliance
  • mitigated risk

Access management is a technology designed to put the right web application resources in the hands of the right user. It works by comparing individual user profiles with an organization’s business rules, and deciding on a case-by-case basis to grant or deny access to the requested resource. The criteria for granting access can be static (e.g., job responsibility or department), or active (e.g., account balance or status).

Correctly implemented, access management empowers organizations to safely expose back office applications to customers, partners, and channels. For example, customers can update their addresses, sales reps can track customer purchases, and suppliers can automatically replenish inventory.
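The grant-or-deny decision described above can be sketched as a deny-by-default rule check that combines static and active criteria. This is an added example, not code from the article or from any product; the rule set, attribute names and sample profiles are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    user: dict       # profile attributes of the caller
    action: str      # requested operation
    resource: dict   # attributes of the requested resource

@dataclass(frozen=True)
class Rule:
    action: str
    static: Callable[[Request], bool]  # slow-changing: role, department, ownership
    active: Callable[[Request], bool]  # checked per request: status, balance

# Hypothetical business rules for the three scenarios in the text.
RULES = [
    Rule("update_address",
         static=lambda r: r.user["role"] == "customer"
                          and r.resource["owner_id"] == r.user["id"],
         active=lambda r: r.user["status"] == "active"),
    Rule("view_purchases",
         static=lambda r: r.user["role"] == "sales_rep"
                          and r.resource["region"] == r.user["region"],
         active=lambda r: r.user["status"] == "active"),
    Rule("replenish_inventory",
         static=lambda r: r.user["role"] == "supplier"
                          and r.resource["supplier_id"] == r.user["id"],
         active=lambda r: r.user["status"] == "active"
                          and r.user["balance_due"] <= r.user["credit_limit"]),
]

def decide(req: Request) -> bool:
    """Grant only if a rule for this action passes both checks; else deny."""
    for rule in RULES:
        if rule.action != req.action:
            continue
        try:
            if rule.static(req) and rule.active(req):
                return True
        except KeyError:
            continue  # missing attribute: this rule cannot grant (fail closed)
    return False      # no matching rule: deny by default

# Constructed sample profiles (not real data).
ALICE = {"id": "c1", "role": "customer", "status": "active"}
ACME = {"id": "s1", "role": "supplier", "status": "active",
        "balance_due": 900, "credit_limit": 500}
```

With these profiles, `decide(Request(ALICE, "update_address", {"owner_id": "c1"}))` grants access to the customer's own record, while the supplier's replenishment request is denied until the active criterion (balance within credit limit) is met.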

There is considerable literature to suggest that the payback on access management is both large and rapid. Forrester Research, for example, reports that most organizations expect to recoup their investment in access management in just three months. Although these statistics are encouraging, individual organizations generally like to calculate financial returns on their own.

Access management is a security infrastructure which, in the absence of a specific business process, returns nothing. Moreover, returns from a security infrastructure are difficult to separate from the returns from the business processes they enable. The primary focus should therefore be on the financial returns from the successful implementation of a particular access management-enabled business process. When this is done, a proven three-step process can be used to determine ROI:

  1. Calculate baseline given current operations
  2. Establish metrics
  3. Forecast scenarios including metrics

The first step must be to frame the ROI discussion in the context of key security enablers for a particular business application. This will usually correlate to an existing business process, but may be something completely new. In either case, this correlation provides both the foundation for calculating a baseline and a framework for injecting the metrics that generate the forecasts.
