Creating a Culture of Security
Given that break-ins into corporate networks are now routine (and sometimes state-sponsored), the idea that data is somehow safer behind the corporate firewall is absurd. The only way to effectively secure data is strong encryption combined with rigorous hygiene around key management and access controls. This can be done as effectively in the cloud
... See moreJoanne Molesky • Lean Enterprise: How High Performance Organizations Innovate at Scale
As software engineers and architects our job is to try to use our technical and logical thinking skills to identify which is which and to challenge those that are not useful. Which activities help us to really be secure and which are outdated or simply useless “security theatre”? If we don’t do this then all security activities will be devalued and
... See moreMurat Erder • Continuous Architecture in Practice: Software Architecture in the Age of Agility and DevOps (Addison-Wesley Signature Series (Vernon))
One of the key challenges for corporate IT departments, in fact, lies in making the right decisions about what to hold on to and what to let go.
Nicholas Carr • The Big Switch
Put aside your data.
Scott Berinato • Good Charts
This is important because if you don’t know how well your software is controlled and you can’t routinely build and deploy it then you have limited agility, inability to drive security improvements with acceptable operating risk and many other factors that are crucial to cybersecurity.