Securing your application modernization process

Johnathan Hunt VP of Security, GitLab

Developers are under immense pressure, whether they are in the public sector or commercial enterprises, to provide new product features, maintain availability, and prioritize bug fixes. However, many organizations still use legacy systems, infrastructure, processes, and policies that keep development teams from delivering programs and applications that support their missions and drive business results.

Replacing legacy applications is time- and resource-intensive, which is why organizations don't often do it. But the resources required to maintain security under these legacy systems often place a large burden on security teams, which is why modernization is a crucial step forward. Here's what you need to know.

Common challenges

Modernization is a multi-step process for every engineering organization. To successfully transition out of legacy systems, organizations must overcome a number of technical, cultural, and process-oriented challenges.

These challenges can include a cultural reluctance to change, time or resource constraints when adopting or pioneering new processes and technologies, and increased pressure to accelerate the speed of delivery of projects when using antiquated tools.

Additionally, many organizations face new security, compliance, and legal regulations that make modernization an even more ambitious undertaking. With a thoughtful and strategic approach, however, this process can be made a little less painful.

Leadership-driven cultural changes

As with all organizational changes, starting with leadership is critical. Leaders across the organization should map out how an updated system will help a specific mission, keeping security, scalability, and efficiency at the forefront. 

Modernization doesn’t apply just to the tools that software development teams use; it also includes a management-led culture of constant learning and growth. This involves regularly investing in opportunities to reskill the broader workforce, facilitating networking opportunities, and collaborating with peers on best practices.

Break down silos

Antiquated legacy systems often result in artificial silos between developers and security teams. A single platform can help create real-time, centralized communication and collaboration.

Too often, security teams work in a separate silo that's isolated from the rest of the software development process, and security measures are performed too late in the development cycle. Breaking down silos between development, operations, and security teams reduces handoffs and ensures that security is integrated into the lifecycle.

Ditch DIY development systems

Many organizations that have adopted homegrown application development tools experience the consequences of daisy-chain tool chains—that is, a collection of favored tools that developers can pick and choose from. Although this seems like a more flexible option, it actually turns the software development lifecycle into a hit-or-miss process, instead of a tried-and-tested one.

These DIY tool chains rarely scale well, are difficult to maintain, and prevent a simplified, repeatable process.

DIY tool chains force teams to access a number of different platforms, test solutions for each use case, and spend budget on multiple different solutions. This creates more risk, since access is configured and managed across multiple tools, and it often shuffles security to the latest possible stage in the software lifecycle. The result is delayed delivery, impaired product quality, and more security vulnerabilities and compliance issues.

Make security a continuous process

Organizations must take a proactive approach to mitigating risks and vulnerabilities before they actually emerge. Security teams should be empowered to collaborate with developer teams to implement security and compliance measures throughout the process, instead of security being left as an afterthought.

Centering security throughout the process involves instituting thresholds, safeguards, and vulnerability remediation within your pipeline at the developer level. This will radically increase speed to delivery, while ensuring that all products are secure by design.

Migrating from legacy systems that are often held together with digital duct tape is not an easy undertaking. But the rewards of embracing a mature, streamlined development platform are vast. Organizations can continue working quickly and collaboratively, and meet customer, investor, and partner demands.
