23 February 2016
Running Distributed Projects in an Insecure Digital World
By Alexei Miller
Alexei Miller, Managing Director at DataArt, shares his thoughts with Nearshore Americas on cyber security for distributed teams, dispelling common myths and offering specific approaches to reduce the risk of data breaches.
“One misconception is that data breaches are inevitably the result of flaws in IT systems. Another is that external hacking is mostly to blame. In fact, most data breaches are perpetrated by people associated with the company: permanent employees, temporary workers, contractors, or vendors.
Extending technology development beyond a single office wall should not necessitate creating a new layer of cyber defenses — they should be there in the first place. Security policies for employees should be extended to contractors. …Operational measures, such as code reviews and static code analyzers, should be part of any development-team procedure.
Second, smart use of technology can significantly reduce the risk of unauthorized data access. The choices are endless, but three things are standard fare... PaaS are a very efficient, and very secure place to set up development environments. Clever DevOps and deployment automation minimize the need for humans to access and manage real production environments.
Finally, the classic issue of “us vs. them” must be dealt with from the outset… By structuring the relationship so that the vendor is motivated by the system’s long-term success, the company can significantly reduce its security exposure.”