Breaking Organizational Silos for Better Application Security

by Phil Vuollet on July 8, 2021

We are all familiar with the way organizations are typically structured along functional lines, such as sales, marketing, development, etc. However, this architecture can lead to a frustrating distance between areas that have to work together to complete a program, project, or even a task.

This is especially crucial to consider with security efforts. Whether separated by functional lines, product areas, physical distance, or any other kind of barrier, it’s important to know how to get these groups on the same page.

At the Elevate 2021 conference, VP of Nomura Aruneesh Salhotra explained silo issues and how to improve security.

Who is responsible for application security?

Even if your organization has a security department, it doesn’t mean that department is wholly responsible for all aspects of security. While they may define policy, create governance, and implement tools, application security is everyone’s job. When the InfoSec department looks for opportunities to improve security, this will usually involve working with other teams such as application engineers, DBAs, and software developers to improve their practices.

Sponsorships Available

But how can organizations with such different mindsets come together under the same roof? One method is to consider a foundation.

What are the key pillars of AppSec?

Imagine a temple of security built in classical Greek architecture with multiple columns holding up the roof, protecting the sacred ground from the elements. Your applications are like the sacred ground, while the roof represents your security program. These pillars are necessary to protect your applications from the outside elements, which are often extremely harsh.

Key pillars of an AppSec program