
Are your applications securely holding the fort in your enterprise?

Info_Security ‎08-23-2013 02:03 AM - edited ‎09-30-2015 06:58 AM

Adversaries are always on the prowl to penetrate the perimeters of the enterprise through the demilitarized zones, the intranet, the servers, the operating systems, the applications and finally, the data. Their overall goal is to gain access to the underlying data, which has even more value and context when accessed through the applications layer. Once the applications security is compromised, there are really no more layers of protection—since it opens up unfettered access to the data. Therefore, the applications layer has to hold the fort in your enterprise and be on guard should the outer perimeters be penetrated.


HP Distinguished Technologist John Diamant points out in his interview on SecuritySolutionsWatch.com that applications continue to represent one of the weakest links in enterprise security. So, what steps can enterprises take to address this challenge? The “Application security in the SDLC” session by Kevin Poniatowski from Safelight Security at HP Protect 2013 provides some pointers. “Application security is not an add-on or a plug-in. It is a process that must be included in all phases of the development lifecycle to mitigate risk,” Poniatowski writes. What exactly does this mean within each phase of the Software Development Lifecycle? Let us take a look.


Analysis. Along with functional requirements, the non-functional requirements—including security—must also be determined for an application before it is architected. This includes a gap analysis of security regulations and best practices that apply to individual applications. Doing so would make it easier to justify the cost of enforcing the right security measures in alignment with these requirements.


Architecture. Security is an integral part of the Enterprise Architecture (EA) DNA. A high-level view of the architecture must be used for threat modeling and attack surface analysis to identify weaknesses in the structure and design, which correlate directly with the security vulnerabilities that are likely to be coded or configured into an application.


Build. Application designs must also address the not-so-happy what-if scenarios. Model-driven approaches work well to proactively anticipate security violations, ensuring the right measures are in place at design time. Tools must be used to effectively scan the source code for vulnerabilities.


Test. “You can’t rely only on testing scenarios to find and fix all of your existing application vulnerabilities,” Diamant cautions. We must still test and fix security flaws even though they are reactive measures that should have been preempted in the preceding phases.


Sustain. Applications meet infrastructural components of network and storage, which open up additional intersection points — a fertile ground for violations. Independent validations and verifications of existing applications must be performed to proactively identify gaps, and therefore vulnerabilities.


The 9th Annual HP Security user conference, HP Protect 2013, provides an opportunity to attend about 150 technical sessions on enterprise security that comprehensively address various aspects, including Network, Data, Software, and Security Information and Event Management.


What measures are you taking within your enterprise to proactively enforce application security across the Software Development Life Cycle (SDLC)? Please consider attending the Application security session to check out other options.


Connect with Nadhan on: Twitter, Facebook, Linkedin and Journey Blog.


HP Distinguished Technologist E.G. Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the Chief Architect for the standardized framework of processes and tools that HP Enterprise Services uses to deliver world-class applications solutions.

Twitter handle @NadhanAtHP.


on ‎09-06-2013 07:44 AM

A very interesting article and well written :)
