5 App Dev Myths Part 4: Custom Development Compromises My Security
There’s a great amount of interest in custom-built applications – and quite a few misconceptions about them as well. Arraya’s Application Development team has encountered many of these, including concerns about complexity, use cases, and more. During this five-part series, our team will seek to dispel some of the more common misunderstandings about custom-built applications in order to shed light on a sometimes murky topic.
We see headlines almost every day about big data breaches and hacking attacks on business. An impulse for many of us could be to assume that any outside party coming into our systems is going to lead us to a similar fate. I get it. In IT, it’s our duty to protect our company and the interests of our clients and we take that very seriously. An outside organization is a risk we can’t control.
However, I can tell you from personal experience that some distrust is misplaced; particularly when an established organization with a good track record and roots in the development community is going to do work for you. The stock in trade of such entities is expertise and trust; trust earned through long histories of creating unique solutions for companies.
Also, there is a kind of high-level vision that always comes with having an “outside set of eyes” examine a system. This is true in all facets of IT, including security. It is in our nature to become blind to potential risks because we have become accustomed to seeing things a certain way. If we get an outside view of our process, we gain perspective from which we would not otherwise benefit.
For example, I can recall an instance where a larger client trusted us to look at updating an internal security process that involved a chain of approvals and forms between various departments. Since we were looking at the issue from the 10,000 foot view, so to speak, we were able to realize that numerous steps in the process were actually being duplicated. Specifically, this involved repeatedly typing in key information. By virtue of what they are, repetitive manual processes carry some degree of risk. It’s easy for someone moving quickly to key something in incorrectly or incompletely. Depending on the project, this could either be a minor hiccup or a potentially painful security vulnerability.
In this case, we were able to automate the process and pass forms from department to department with the sections in question already filled out. In addition to saving time (as well as removing quite a bit of unnecessary work from a number of employees), there was a significant drop in resubmittal due to errors in data entry. In this case the client was, understandably, more focused on the micro elements and not the macro picture, causing them to miss the issue.
If we can move outside of our usual defensive space, which is admittedly not an easy thing to do, there are many firms and talented individuals out there who are able to not only work without compromising your security, but also give you another set of eyes on how your security is designed and to either validate or improve on what you have.
Want to learn more about Arraya’s Application Development services? Visit https://www.arrayasolutions.com/contact-us/ to open up a dialogue with us today!
Have some thoughts you’d like to share about this post? We want to hear from you! Leave us a comment on this or any of our blog posts through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay updated on our industry insights and unique IT events.