Stop Treating Security like Leather Seats

Team Wabbi

December 14, 2021

When was the last time you had to buy a new car? Some enjoy the haggling while others hate it, but if you want to maximize your ability to negotiate on price, you’ll need to review the car’s models and options. For any given car, automakers generally present you with several baseline models, progressively adding more desirable options at an ever-increasing cost. Want the leather seats? You’ll have to upgrade to the model with the larger rims, infotainment center, backup camera and sunroof as well, even if those options aren’t important to you. The idea is to keep bundling the most requested features into packages and models that require you to pay more for them. Automakers have been doing this for decades to maximize their profits.

The bundle model is a well-proven sales tactic, and many other industries have followed suit – including most software companies. The issue is that many software companies include security as part of the bundle. Want the ability to assign roles to users? How about delegating administration rights? Need to integrate with your cloud-based identity provider? All that and a whole lot more are offered, but only in the ‘Enterprise’ edition. So you have to pay for features you may not want just to get the security “features” you need.

 

The problem is that security isn’t an option – it’s a requirement. Least-privilege access, the ability to leverage a single identity store, and audit logs of user access are basic requirements no matter how large or small your organization may be. Any functionality required to securely implement, use, monitor and manage a software service or application shouldn’t be offered only as a bundled feature to help drive users to the highest license level offered. Security functionality should be available as an add-on to any license offered. Implementing and supporting such functionality costs real money, and users should pay a reasonable fee for it, but security functionality shouldn’t be used to push users to the highest licensing cost.

Orchestration solves the question of how to ensure each piece of software involved in the development and delivery of a software pipeline adheres to the security requirements of the organization. However, a team can only do that if the options to properly do so are available in the security tools used by the organization. Too many software vendors are holding security hostage to push their users to higher licensing costs, making them pay for unneeded features to get the security baseline required.

If only those with the deepest pockets can secure their software, then we will continue to see data breaches, ransomware attacks and identity theft. Until the software industry stops treating required security functionality like optional leather seats, we will never see the true “shift left” in securing our digital services and infrastructure.
