
Security through testing


Johannesburg, 05 Jan 2005

Protection of data against threats from outside organisations is fairly mature and most organisations are now taking steps to improve internal security in terms of access rights and password management, but threats from in-house software are still often overlooked.

This warning comes from Catherine de Klerk, software development consultant at Compuware SA, who says applications that are developed in-house could pose as much threat as vulnerabilities in off-the-shelf packages.

De Klerk says organisations can guarantee a uniform standard of security for internally developed software by automating the coding of all security aspects. However, she says this does not guard against deliberately inserted malicious code.

"Most businesses do not have the controls or processes in place to protect against criminals who have the technical knowledge to insert malicious code into IT systems," says De Klerk. "This type of threat is difficult to find and usually requires very specialised and technical knowledge."

De Klerk says the only effective way to identify hidden or dormant malicious code is to ensure that rigorous testing is carried out on all lines of code within an application.

"Normally only active code tends to be tested, but that needs to change if businesses are to protect themselves from rogue developers and tech-savvy criminals," advises De Klerk. "It is crucial for businesses to ensure their application development and testing processes are watertight."

De Klerk concedes that increased testing will cost money, but points out that failure to detect hidden malicious code could be more costly in the long term.
