There are very good reasons why security and quality assurance work better together, but the biggest is risk mitigation on a granular level.
It’s a mess out there. Poor data protection, limited security budgets, increasingly elusive security talent, smart and sophisticated cybercriminals and relentlessly malicious threats targeting employees remain key issues impacting the business. The statistics underline these challenges in red pen – 95% of breaches are caused by human error (World Economic Forum), 68% of business leaders feel like the risk is getting worse (Accenture), cyber-fatigue affects 42% of companies (Cisco), and the sheer volume of data breaches is growing exponentially year on year.
This is not a mess that any one business can tidy. As Mandla Mbonambi, CEO of Africonology, points out, “Cybercrime isn’t going to disappear or change, it’s only going to get worse. What has to change instead is how companies approach cybercrime and their security. It needs to be embedded into the very fabric of the organisation to ensure it can adapt and flex to the threats and the business itself.”
Enter security and quality assurance, the perfect cybercrime love match. These two skillsets offer the organisation a smart and scalable way of managing vulnerabilities within software and systems. Both these disciplines are aligned in their goal of reducing the risks facing the business and, if managed correctly, can make it easier to manage security and the threat landscape.
“When you combine the disciplines, you can constantly refine your applications, software and systems,” says Mbonambi. “For example, if security is pulled into the quality assurance (QA) process then they will likely find vulnerabilities or risk factors that the QA team may have missed. This then adds another layer of trust to the software and the organisation’s overall security posture.”
On the flip side, if security runs its systems and solutions past the QA team, then the quality of security systems and integrations will improve measurably. Often, the hiccups caused by security integrations are only found far down the implementation chain and can cost the company time and money to repair. If security and QA are collaborating effectively, then this has the potential to minimise that risk while increasing the uptake of security within the company.
“It stands to reason that this automatically reduces costs and introduces time savings,” says Mbonambi. “It may sound counterintuitive – the time spent passing systems by one or other team adding length to deadlines and implementations – but the reverse is true. If the problems are ironed out from the outset, there is less time spent on troubleshooting later. And, there are the very obvious time and cost factors that come with a breach and these have been regularly publicised.”
When you add all these factors together, the wonderful intersection of QA and security means that all software within the business is inherently more secure. It measurably reduces risk, cuts the chance of unexpected vulnerabilities and minimises the chance of defects within the software that could either impact performance or security.
“Another plus here is that if you can get both teams collaborating and make this a habit, then all future software developments are going to share all these qualities, and more,” concludes Mbonambi. “If these teams can connect throughout the development process, then they are embedding best practices and delivering solutions that are of exceptionally high quality. Solutions that are more likely to gain traction and remain in play long after those with holes and flaws have been put to rest.”
In the end, it is up to the business how it wants to connect and integrate these teams, but the best practice should be complete collaboration within a shared discipline that reflects the value of both.