Security Is Critical, So Why Don’t We Take It Seriously?
It’s amazing how important security has become for just about every application on the market. Even if you’re just selling a cheap iPhone game, the sheer volume of personal information tied to your phone (and likely integrated into certain aspects of the app) leaves you open to a massive headache if the security is weak (or nonexistent).
Once you move into banking applications or anything related to health care, it becomes more and more important for developers and testers to guarantee that all the data they’re gathering from their users is locked behind the biggest, most bulletproof safe you’ve ever seen.
But many companies just don’t consider security something high on their priority list. Why? Like insurance, you don’t think anything bad is going to happen to you until, well, it actually happens. You’ll see all the incidents other companies are dealing with or hear about what could go wrong at the watercooler, but then think, “Why would I spend so much time and money on preventing something that probably won’t happen anyway?”
Jeff Payne, the CEO and cofounder of Coveros, is often astounded by how little major corporations invest in securing their products. Speaking at last year’s STARWEST Conference, Payne explained why security has been so bad for so long.
“I think part of it is the insurance mentality. They just don't think it will happen to them, and they're not going to really worry about it until it does happen to them. Then it's too late for consumers, right?” Payne said. “Security to me is getting as important as safety-critical types of applications.”
In other aspects of life, it’s common to believe that it’s easier to say sorry than to ask permission. You leave yourself open to making a mistake, knowing that you’ll be able to fix things if something bad happens. But when it comes to software, as soon as your application is compromised and your users see their data stolen, all trust is gone. And just about no company survives after a hit like that.
“Companies that provide pacemakers, avionics software, or nuclear reactors—they take assurance to another level, because they understand that it can never fail,” Payne continued. “Security is getting to that point in my opinion, and a lot of these companies have bobbed and weaved and danced around the problems and skated through, but now we're starting to see CEOs get fired and other things happen.”
Don’t assume bad things won’t happen to you, your company, or your applications. Invest in security early, and you won’t find yourself regretting an oversight later.