10 Tips for Adapting Security Practices from Your Home Office

Snyk sponsored this post.

Guy Podjarny

Guy Podjarny is co-founder and president of Snyk.

The new normal of a remote workforce happened so quickly that very few, if any, companies were truly prepared for the change. While many made valiant efforts to adapt, there is a learning curve when it comes to scaling new remote processes at every level of a company. This is especially true when it comes to your company’s security practices.

You may now be wondering: is there something I missed? Well, don’t panic. Instead, let’s dive into some industry best practices that will not only help you and your team at home adapt, but will also aid in scaling practices even when you’re back at your office desks again.

  1. Establish documented guidelines to empower remote developers.

Working from home means atypical distractions during a “typical” workday. With this in mind, it’s important to empower developers to make decisions on their own, without baking in time for extraneous approvals. Developing clear guidelines helps align teams on expectations and is a crucial component for success. Investing in documenting these guidelines is the key next step toward giving developers the authority and confidence they need to autonomously make the right decisions each and every time.

  2. Focus less on breaking the build and more on failing pull requests.

While “breaking the build” is a popular CI/CD security measure in the face of a security violation, it’s unfortunately a disruptive one as well — leaving developers working on new software in a bind. This becomes an even larger issue when team communications must overcome the separation of remote work. I recommend limiting breakage to only the most extreme cases.

For other issues, give failing pull requests a try instead. Advantages to this approach include testing only the new code changes local to the branch where the code is modified, and the ability to choose whether a given failure blocks a merge or is just informational. These advantages have something in common: they empower developers to make the decision, giving them more autonomy to forge ahead with their projects even in light of unforeseen issues.
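The pull request gate described above can be sketched as follows. This is an added example, not code from the article or from any scanner: the finding records, the `EXAMPLE-` identifiers and the `block_at` threshold are constructed assumptions. It reports only findings the branch introduces and lets severity decide whether a finding blocks the merge or is informational.

```python
# Added example: gate a pull request on findings the branch introduces.
# Scan results below are constructed sample data, not real scanner output.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

BASE_SCAN = [
    {"id": "EXAMPLE-0001", "package": "libfoo@1.2.0", "severity": "critical"},
    {"id": "EXAMPLE-0002", "package": "libbar@0.9.1", "severity": "medium"},
]
PR_SCAN = BASE_SCAN + [
    {"id": "EXAMPLE-0003", "package": "libbaz@2.0.0", "severity": "high"},
    {"id": "EXAMPLE-0004", "package": "libqux@4.1.3", "severity": "low"},
]


def new_findings(base, head):
    """Return findings present on the PR branch but not on its base."""
    known = {(f["id"], f["package"]) for f in base}
    return [f for f in head if (f["id"], f["package"]) not in known]


def evaluate_pr(base, head, block_at="high"):
    """Split newly introduced findings into blocking and informational."""
    threshold = SEVERITY_RANK[block_at]
    blocking, informational = [], []
    for finding in new_findings(base, head):
        rank = SEVERITY_RANK.get(str(finding.get("severity", "")).lower())
        # Fail closed: an unrecognised severity blocks until someone triages it.
        if rank is None or rank >= threshold:
            blocking.append(finding["id"])
        else:
            informational.append(finding["id"])
    return {
        "status": "failure" if blocking else "success",
        "blocking": blocking,
        "informational": informational,
    }


if __name__ == "__main__":
    print(evaluate_pr(BASE_SCAN, PR_SCAN))
```

The critical finding already on the base branch does not fail the pull request; it stays visible in the base scan for the team that owns it.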

  3. Prioritize the investment of security visibility.

Security visibility can take a lot of forms, but I have a few specific suggestions that apply to most organizations. First, utilize a software bill of materials (SBOM) to capture dependencies packaged into your app. Another way is to crowdsource visibility through a specific Slack channel or notification emails, even leaderboards that show how well each team is handling security issues. These tactics get everyone involved in the process and help teams actively see themselves getting better, or give the opportunity to course-correct if they’re not hitting their goals.

  4. Take extra time to level up individual skills.

An upside to working from home is that time once spent commuting can now be used for professional development. For developers, invest in security education through online resources like MyDevSecOps, OWASP or DevSecCon conference videos, or through commercial tools like SecureCodeWarrior.

For security, invest time and resources in improving the team’s coding skills. I recommend resources like Cybrary: Python for Security Professionals, Lynda/LinkedIn: JavaScript Training and Tutorials, and Codecademy: Learn Go Programming.

  5. Don’t forget that praise can be sent virtually.

Remember, developers are people too! Especially in these isolated times, it’s important to note that a kind word or team-wide recognition can mean a lot. From a well-placed GIF in Slack to special company swag, don’t forget to celebrate the accomplishments of your team.

  6. Don’t let distance muddle security and developer relationships.

Remote developers need to know they have someone to turn to when an inevitable security question arises. Luckily, alignment between teams doesn’t require organization changes, just regular connection between teams in daily working practices. I recommend booking recurring syncs between peers, and having security and developer partners join some of the other team meetings to maintain visibility.

  7. Remember hygiene can be applied to security practices too.

Hygiene is turning into a keyword for 2020, but in this case it applies to more than hand washing. In security, it means prioritizing the basics before the more obscure attacks. For a majority of companies, vulnerable components, configuration mistakes, and leaked tokens should take priority over sophisticated attacks. Once security hygiene is successfully scaled to your remote development teams, you can go back to expanding your horizons.

  8. Embrace two-factor authentication.

An investment in two-factor authentication infrastructure isn’t just a good idea during times when most employees are working from a VPN or operating in cloud environments. In fact, it can pay dividends in the future, allowing you to extend that capability to other systems on your network or cloud environment.

  9. Add security to SSH connections.

This can easily be accomplished by enabling mutual authentication and shortening session times. As more production machines go remote, the risk of attack goes up and strengthening authentication on these interfaces becomes critical. I recommend using open source systems like Netflix’s BLESS or SmallStep, or commercial options like Okta or others, to enable stronger identity-based authentication.
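Certificate authorities such as BLESS issue short-lived SSH certificates, so one way to audit "shorter sessions" is to check each certificate's validity window. The following is an added example, not code from the article or from those projects: it reads the validity fields of an OpenSSH Ed25519 certificate and applies an assumed one-hour policy (`MAX_LIFETIME`). The sample certificate is constructed and unsigned, and the check does not verify signatures, which remains sshd's job.

```python
import base64
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
NEVER_EXPIRES = 0xFFFFFFFFFFFFFFFF  # OpenSSH's "valid forever" marker
MAX_LIFETIME = 3600  # assumed policy: certificates live at most one hour


def read_string(buf, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end


def parse_cert(line):
    """Extract identity and validity fields from an Ed25519 certificate line."""
    blob = base64.b64decode(line.split()[1])
    kind, off = read_string(blob, 0)
    if kind != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    _, off = read_string(blob, off)   # nonce
    _, off = read_string(blob, off)   # certified public key
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    key_id, off = read_string(blob, off + 12)
    _, off = read_string(blob, off)   # valid principals
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return {"key_id": key_id.decode(), "host": cert_type == 2,
            "valid_after": valid_after, "valid_before": valid_before}


def check_lifetime(cert, max_seconds=MAX_LIFETIME):
    """Return (ok, reason) for the certificate's validity window."""
    if cert["valid_before"] == NEVER_EXPIRES:
        return False, "certificate never expires"
    lifetime = cert["valid_before"] - cert["valid_after"]
    if lifetime <= 0 or lifetime > max_seconds:
        return False, f"lifetime {lifetime}s outside 1..{max_seconds}s"
    return True, f"lifetime {lifetime}s"


def sample_cert(valid_after, valid_before):
    """Build a constructed, unsigned certificate prefix for demonstration."""
    def pack(b):
        return struct.pack(">I", len(b)) + b
    body = (pack(CERT_TYPE) + pack(bytes(32)) + pack(bytes(32))
            + struct.pack(">QI", 1, 1) + pack(b"dev@example.test")
            + pack(pack(b"deploy")) + struct.pack(">QQ", valid_after, valid_before))
    return CERT_TYPE.decode() + " " + base64.b64encode(body).decode()
```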

  10. Take advantage of Bug Bounty programs.

One positive outcome from the sad reality of company cutbacks is that many professionals will be looking for opportunities on the gig market. This is an opportunity to strengthen your security assessment strategy via bug bounty programs like HackerOne or Bugcrowd. Not only will you help create work opportunities for those in need, but you’ll be adding another layer of security assessment capability.


I hope these tips not only help you keep security practices on track during our time of mandated work from home, but that they actually strengthen your overall approach and stick with you and your teams into the future.

How Pros Implement Secure Development

For even deeper insights into these practices and putting them into motion in your organization, tune into this panel discussion with myself (Guy Podjarny, Snyk co-founder and president), Atlassian Chief Information Security Officer Adrian Ludwig, and InVision Senior Security Engineer Sara Dunnack, on maintaining secure development in a WFH Environment.

Feature image via Pixabay.

Source: InApps.net
