Critique No 1.
Sifers-Grayson is a fast-growing company, and this means that its security risks are growing quickly as well. At this point, an Application Lifecycle Management (ALM) tool is an absolute necessity. Lifecycle management by itself helps to document all security decisions and provides the assurance to management that security was considered in all phases of the software development lifecycle (Kissel, Stine, Scholl, Rossman, Fahlsing & Gulick 2008). ALM covers all of the steps of developing new software and strives to improve efficiency during the process.
Sifers-Grayson is expanding rapidly, and a secure ALM provides traceability and transparency of access control without creating overhead. As the company takes on more government contracts, using an ALM tool will ensure that it complies with regulations such as Sarbanes-Oxley, with ISO standards, and with the requirements of many other authorities, both in the US and overseas. Documentation throughout the lifecycle is required, and an ALM tool can smooth and streamline the process (Owen, September 2015). Providing audit trails that prove compliance with regulations will ensure accountability.
An ALM tool will also streamline app development in that it can be used as a “central hub” where all of the resources concerning the lifecycle and development of the app are stored (Dimitrijevic, n.d.). All documents, including code, white papers, and processes, will be stored in the hub and will be traceable, creating accountability throughout the entire process. Maintaining standard project documents that meet audit and regulatory compliance requirements in the hub is an added benefit of an ALM.
While having an ALM would not have stopped what happened during the red-teaming of Sifers-Grayson, it will at least provide the accountability that is needed to ensure this doesn’t happen again. A robust ALM will provide security tools that are embedded in every step of the Software Development Lifecycle.