For more than two decades, Web apps were built with functionality in mind. Everything revolved around the user interface and how easy it was for users to access information and make online purchases.
No longer. The high-profile breaches of the past few years have shattered those assumptions, and companies can no longer trade away security for functionality. Today, both app security and privacy must be built into Web applications.
Setu Kulkarni, vice president of corporate strategy and business development at WhiteHat Security, says it all starts with CISOs explaining in clear terms what lackluster app security means to the company's bottom line.
And while it's important for CEOs to understand what's at stake in terms of lost revenue and brand reputation, security pros are the ones who have to "own" security, Kulkarni says. "That means moving from merely responding to breaches [to mainstreaming] security into IT project teams and the entire development process," he says.
This feature offers security pros some ideas for mainstreaming app security at their organizations. Security, after all, can't be an afterthought. It has to become a part of the company's culture, just as important to the product as quality control.