Software vulnerabilities have existed for as long as there has been software. Organizations and their developers have been locked in a cat-and-mouse game with the legion of hackers looking to steal data. Every time one breach is fixed, another is exploited, and ’round and ’round it goes.
So, after Julian Assange and WikiLeaks, Edward Snowden, and less public hackers have been grabbing and making public classified government documents and the personal data of millions upon millions of people, it took the premature release of less than a dozen movies held by Sony Pictures (and the actors starring in those movies) to finally scream, “Something must be done to secure our private information!”
The issue of software security is what the editors of SD Times have identified as the top trend of 2014. We’re calling it “2014: Into the Breach.”
Some of the vulnerabilities in software have long been understood: cross-site scripting, buffer overflows and SQL injection. Others, such as the “Heartbleed” vulnerability that devastated numerous e-commerce organizations, were devious new attacks that forced the industry to scramble for a solution. The flaw was eventually traced to OpenSSL, and many industry players committed resources to getting that library tightened up.
A big reason for all the attacks we’re seeing is that data is the new currency. Companies collect as much information on their customers as they can, to better understand their habits and preferences, which leads to targeted marketing and—it is hoped—greater engagement and more sales.
But that data is just as valuable to other companies, and a black market for that information exists, for the establishment of bogus credit accounts, the theft of identity, and other malevolent intent.
Big Data, at first, was about collecting data. Then it became about processing and manipulating the data. Today, Big Data is about gaining insight from that data. It should also be about securing the data. Firewalls are a part of the solution. But security is also the responsibility of the developers creating those applications that feed on the data.
In 2014, we also saw developers using more open-source software than ever before, as building an application came to look more like assembling existing components. The use of the cloud and open APIs has given developers access to more code and data exchange than ever. The problem, though, is that the developers do not own or control the data or the pipe, so things can change on that end to make an application vulnerable to exploitation, without the developer knowing it until it’s too late. Better, more frequent testing and code review can prevent vulnerable software from being released into the wild.
Let’s not overlook the explosion of mobile devices used for work, on phones and tablets of a worker’s choosing. Organizations must be vigilant to ensure sensitive documents on a worker’s cellphone do not—even inadvertently—fall into the wrong hands.
Big Data. Open source. Mobile use. Agile processes with less time for testing. All of these aspects of the software development life cycle are conspiring to make sensitive data all the more vulnerable. We must remain on guard to ensure the public doesn’t lose its trust in our ability to preserve privacy. Otherwise, everything goes offline.