Page 109 - Cyber Defense eMagazine April 2023
P. 109

security best practices, privacy regulations, and compliance standards into the chaotic process that is
            the software development lifecycle.

            In this post, we’ll look at mapping your distributed data is necessary, what challenges you’ll face along
            the way, and how you can overcome them.



            Why is data scattered in the first place?

            Whether  you  like  it  or  not,  most  data  produced,  stored,  and  processed  by  business  applications  is
            distributed by nature. Both logical and physical data distribution is necessary for any application to scale
            in  functionality  and  performance.  Organizations  store  different  data  types  across  different  files  and
            databases for various purposes.


            The classic example of data distribution within a company is buyer and client data. One SME can have
            data on leads, warehouse orders, CRM, and social media monitoring spread over dozens of internally
            developed and third-party SaaS applications. These applications read and write data at different intervals
            and formats to owned and shared repositories. In many cases, each also has various schemas and field
            names to store the exact same data.

            Application  development  processes  distribute  a  significant  portion  of  data  within  the  application
            architecture,  especially  regarding  serverless,  microservice-based  architectures,  APIs,  and  third-party
            (open source) code integration. So, the critical question isn’t why we distribute data in our applications.
            Instead, it's how we can manage it effectively and securely throughout its lifecycle in our application.




            Mapping distributed data: is the effort worth the reward?
            “Shift left” application security, big data security, code security, and privacy engineering are not new
            concepts.  However,  software  engineers  and  developers  are  only  beginning  to  adopt  tools  and
            methodologies that ensure their code and data are safe from malefactors. Mainly because, until recently,
            security tools were designed and built for use by information security teams rather than developers.

            Privacy  by  design  is nothing  new either,  but  in  today’s  hectic velocity and  delivery-driven developer
            culture, data privacy still tends to be neglected. It often remains ignored until regulatory standards (like
            GDPR, PCI, and HIPAA) become business priorities. Alternatively, in the aftermath of a data breach, the
            C-suite  may  demand  that  all  relevant  departments  take  responsibility  and  introduce  preventative
            measures.

            It would be great if all software services and algorithms were developed with privacy by design principles.
            We’d have systems planned and built in a way that makes data management a breeze, which would
            streamline access control throughout the application architecture and bake compliance and code security
            into  the  product  from  day  one.  In  short,  it'd  be  absolutely  fantastic.  But  that’s  not  the  case  in  most
            development teams today. Where do you even start if you want to be proactive about data privacy?







                                                                                                             109
   104   105   106   107   108   109   110   111   112   113   114