5.1.2.4 Cost Savings
Cost savings are an important consideration, especially in troubled economic times. Organizations lose millions of dollars when an application lacks appropriate security functionality and is therefore unacceptable for use in a production environment. The application is then forced into a loop of seemingly unending development cycles and effort. This happens when security functionality is not planned and designed into the application from its inception. Customers insist that security functionality be incorporated into the application, and when that requirement surfaces only at a late stage of the development life cycle, or arrives as a customer demand after the fact, it disrupts the application development life cycle and results in delays and loss of revenue.
A second, and much more adverse, case is one in which the organization's Web application is hacked and its data stolen. The organization is then forced to implement security controls, but the greater cost is the loss of reputation and the possible fines, which may be irreparable in the long run. A nonsecure application also raises several compliance issues. Customers deploying applications today are very watchful of application security. They want to ensure that their dollars are well spent on a solution that is inherently secure, that complies with recognized security standards and guidelines, or that has been assessed for security and found to be secure. Organizations often find that the applications they develop fall short of these expectations, and as a result their applications end up losing out to applications that are more secure. Therefore, even purely from an opportunity-cost perspective, it is always prudent to build a secure application.
5.1.2.5 Security Awareness
An effective risk management program ensures that all the stakeholders related to the application and its development are involved in the risk management process. This ensures that management, architects, developers, testing personnel, integrators, and other stakeholders are aware of the threats that can result in serious financial and reputational losses. Security awareness is a powerful motivator in this direction. Awareness is one of the most basic and important aspects of instituting a culture of security in an organization. If individuals are not aware of the threats, vulnerabilities, and possible consequences of exploits, the effectiveness of any security program is in serious doubt, because it is people who, in the end, must ensure that security is implemented and adhered to.
Management, one of the prime stakeholders in Web application development and deployment, should be aware of security issues. This is particularly important when the Web application is likely to have financial ramifications. When management becomes aware of Web application security issues and their consequences, they will be moved to concern themselves with securing these applications, and their policies and directives will permeate the rest of the organization. Budgetary and business-case considerations are greatly helped if management is aware of the multifarious Web application security threats and their possible impacts. Management that is unaware of security risks can be the greatest opponent of investment in security. Budgetary constraints are a reality today, and management wants to ensure that every dollar spent goes to an appropriate requirement. This often forces management into myopic decisions on security expenditure and investment, usually because they are unaware of the consequences of a security breach. An effective and, more importantly, an inclusive risk management program ensures that management awareness and knowledge are harnessed to the fullest extent, so that the protection strategies devised for the Web application are carried through to fruition.