A recent survey by Trustwave found that 80% of IT Pros reported being pressured to deploy IT projects into production environments before they’d been able to resolve all security issues.
If you asked most IT Pros if they’d stand up to a superior when asked to deploy a project they believed had security problems, they’d answer yes. Lets face it though, it is easy to be principled when you’re dealing with a hypothetical situation.
In a real-world scenario where a superior is breathing down your neck? Things are a little more complicated.
What the survey seems to suggest is that in the real world, where a demand was made of IT Pros to deploy a project they believe had suspect security, most of them succumbed.
The real secret here is that security needs to be built into a project from its inception. If there are security questions around the project when approaching deployment, the security has probably been bolted on after the project has been going for some time. It’s best not to approach security as the icing on the cake, to be added last prior to deployment, but as one of the primary ingredients, mixed in from the start.