We live in an application economy.
Like it or not, this economy is underpinned by a sharp double-edged sword.
On one side of the sword, innovation is king, speed is critical, and CEOs are challenging software development teams to release faster, improve quality, and accelerate innovation.
On the other side of the sword, risk management is king, governance is critical, and CEOs (and auditors) are challenging IT organizations to build controls that minimize risk and automate compliance with a myriad of regulatory requirements, including GDPR, which takes effect in May 2018. GDPR requires organizations to know where and how the personal data of individuals in the EU is stored and accessed, and to demonstrate that such data is protected "by design and by default" with appropriate safeguards across the entire software life cycle, from development to security to operations.
Stuck in the middle are the teams of people who do the work and run the modern software factory. I am referring to software architects, developers, security professionals, and IT operations managers. For them, the intense pressure to innovate faster is not an excuse to cut corners. Trade-offs are not an option. They must dig deep, eliminate silos, collaborate more effectively, and find ways to serve both sides of the sword.
In this hyper-competitive world, open source is the stimulant of choice among software developers. Simply stated, investing time and money to build software from scratch makes little sense when developers can readily borrow it from someone else who has already done the work and agreed to share it for free. Understandably, these dynamics create an insatiable appetite among developers for open source. Last year alone, developers downloaded 52 billion Java components and 59 billion JavaScript components from public repositories.
While open source provides tremendous energy for modern development teams, it also creates a unique and difficult challenge for IT risk managers and governance professionals. The reasons are simple: open source components are not created equal, they go stale quickly, and a stale component with a publicly known vulnerability can expose an organization to massive risk, as Equifax learned in 2017 when attackers exploited an Apache Struts flaw for which a patch had been available for months.
So, to serve both sides of the sword and thrive in the application economy, modern IT teams must: (1) continue to accelerate innovation by harnessing all the good that open source has to offer, and (2) minimize risk by continuously governing the quality of the open source components they consume, automating enforcement of defined application security policies, and ensuring compliance with regulations like GDPR.
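What "automating enforcement of defined application security policies" looks like in practice is a gate in the build pipeline that reads the application's bill of materials and fails the build when a component breaks policy. The script below is an added example written for this page, not code from the article or from any vendor's product. Every component name, release date, advisory and policy threshold in it is constructed for illustration; a real gate would pull the bill of materials from the build tool and the advisories from a vulnerability feed. It encodes three rules drawn from the discussion above: block components with an open critical/high advisory, flag components whose release is older than a year (stale), and refuse components on a denylist (e.g. abandoned upstream). It also shows the version-comparison trap that bites naive checks: "2.10.0" is older than "2.9.0" as a string but newer as a version.

```python
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Component:
    """One entry from the application's bill of materials (constructed)."""
    name: str        # hypothetical "group:artifact" coordinate
    version: str
    released: date   # publication date of this exact version
    latest: str      # newest version the registry currently offers


@dataclass(frozen=True)
class Advisory:
    """A vulnerability record: versions strictly below `fixed_in` are affected."""
    name: str
    fixed_in: str
    severity: str


def parse_version(v: str) -> tuple:
    """Numeric-aware version key: '2.10.0' must sort after '2.9.0', which a
    plain string comparison gets wrong. Non-numeric suffixes are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(component: Component, advisory: Advisory) -> bool:
    return (component.name == advisory.name
            and parse_version(component.version) < parse_version(advisory.fixed_in))


def evaluate(components, advisories, policy, today: date):
    """Return (name, version, reason) for every policy violation.
    An empty list means the build may proceed."""
    violations = []
    for c in components:
        # Rule 1: known vulnerability at or above the blocking severity
        for a in advisories:
            if is_affected(c, a) and a.severity in policy["block_severities"]:
                violations.append(
                    (c.name, c.version, f"{a.severity} advisory, fixed in {a.fixed_in}"))
        # Rule 2: the pinned release is stale
        age_days = (today - c.released).days
        if age_days > policy["max_age_days"]:
            violations.append(
                (c.name, c.version,
                 f"stale: released {age_days} days ago, latest is {c.latest}"))
        # Rule 3: explicitly banned component
        if c.name in policy["denylist"]:
            violations.append((c.name, c.version, "component is on the denylist"))
    return violations


# --- Constructed sample data; names, dates and thresholds are illustrative ---
POLICY = {
    "block_severities": {"critical", "high"},
    "max_age_days": 365,
    "denylist": {"example:old-logger"},   # hypothetical abandoned project
}

TODAY = date(2018, 3, 1)   # fixed so the example is reproducible offline

COMPONENTS = [
    Component("example:web-framework", "1.2.3",  date(2017, 11, 15), "1.2.8"),
    Component("example:json-parser",   "4.0.0",  date(2018, 1, 20),  "4.0.0"),
    Component("example:crypto-lib",    "2.10.0", date(2018, 2, 1),   "2.10.0"),
    Component("example:old-logger",    "0.9.1",  date(2015, 6, 1),   "0.9.1"),
]

ADVISORIES = [
    Advisory("example:web-framework", "1.2.5", "critical"),
    Advisory("example:crypto-lib",    "2.9.0", "high"),   # 2.10.0 is already fixed
]


def gate(components=COMPONENTS, advisories=ADVISORIES, policy=POLICY, today=TODAY) -> bool:
    """CI-style gate: print findings and return True only if the build passes."""
    findings = evaluate(components, advisories, policy, today)
    for name, version, reason in findings:
        print(f"BLOCK {name}@{version}: {reason}")
    return not findings


if __name__ == "__main__":
    raise SystemExit(0 if gate() else 1)
```

Run as a pipeline step, a non-zero exit code stops the build; the printed reasons are what the developer sees, so each one names the fixed version or the newer release, which is the action the policy wants taken. The staleness rule is deliberately separate from the advisory rule: a component with no published advisory but a three-year-old release is the case the article calls "going stale", and it is the one most dependency scanners miss.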