Secure by Design: Part Two

Part two of a three-part blog on building secure solutions using Online’s Secure Solution Delivery Life Cycle (SSDLC).

As attacks move up the stack from the operating system to applications themselves, a shift in the solution delivery life cycle philosophy is emerging, recognizing that security activities need to move earlier in the life cycle, to truly build security in effectively. 

Read More
By Larry Skelly on Jun 9, 2017 12:09:53 PM
Security

Secure by Design: Part One

Part one of a three-part blog on building secure solutions using Online’s Secure Solution Delivery Life Cycle (SSDLC).

As attacks move up the stack from the operating system to applications themselves, a shift in the solution delivery life cycle philosophy is emerging, recognizing that security activities need to move earlier in the life cycle, to truly build security in effectively. As organizations are pressured by the rapid promotion cycles of DevOps, the focus is often on secure coding, static code analysis tools, and earlier security testing. But this is too late to be effective; in order to build inherently secure applications our security activities need to span the entire life cycle.

Read More
By Larry Skelly on May 31, 2017 4:28:32 PM
Security, Service Management

When an Asset Becomes a Liability – Part 2: Uptime is Important, but Insecure Uptime May Be a Liability

A note from the author: As I talk to more and more organizations a new challenge is emerging: balancing the need to be secure and the need have systems operational. I’ve written this blog post from an internal perspective (CEO) to provide an “insider” view on the problem. While not meant to describe operations at any firm specifically, the challenges identified and the solutions required to resolve them are real and attainable with the right team and the right skills. 

Read More
By Larry Skelly on Apr 13, 2017 4:17:19 PM

When an Asset Becomes a Liability: Uptime is Important, but Unsecure Uptime May Be a Liability

A note from the author: As I talk to more and more organizations a new challenge is emerging: balancing the need to be secure with the need to have operational systems. I’ve written this blog post from an internal perspective (CEO) to provide an “insider” view on the problem. While not meant to describe operations at any firm specifically, the challenges identified and the solutions required to resolve them are real and attainable with the right team and the right skills. 

Read More
By Larry Skelly on Mar 22, 2017 11:22:06 AM