Something that is really hard about application security is that you can’t just point a tool at it and be finished at some point in time. It is always going to take ongoing work. I like to use the analogy of a garden. Both the plants in the garden and the conditions around them change no matter what we do. Maintaining a beautiful garden is a labor of love and an ongoing investment in time. We could think of our applications in the same way.
Unfortunately, many applications look more like this example of an overgrown garden. The original intent of many applications tends to get bent, expanded or even lost as systems evolve. In some cases, the original beauty and architecture are lost in the complexity and the difficulty of managing the result.
When we think about application security, we are always looking for ways to make it a habit – something that people naturally think about and take care of. I’d even go so far as to say that tending our security garden needs to be a labor of love.
So what do we do? There are many layers to these examples that we can learn from:
- We get tools to help us: clippers, weed whackers, fertilizer, hoses, wheelbarrows, etc. We learn how to use the tools.
- We plan to work in the garden periodically. If we don’t, we know it is going to take more dedicated work to clean up.
- We plan the garden and take out the plants that aren’t working.
- We balance our time around different areas. One wildly overgrown plant can make the whole garden less pleasant. We know some plants take more work than others.
- We aren’t afraid to get dirty. We know it is work. We’re satisfied when we’re done.
Unfortunately, with software, outside of the development team, it is often difficult to tell whether the garden looks great and is well tended or if it is a bit of a mess…
That’s one of the key reasons Jemurai is built the way it is: around expert software developers who know good software. Only very strong developers can look at systems and help make them beautiful like the Japanese garden pictured above.