Executive Insights: Cybersecurity challenges and the future of testing
We recently sat down with SAP Quality Assurance Solutions VP for the Americas Gregory Martini and SAP Quality Assurance Solutions Director Andreas Gloege to talk about what’s new in the world of quality assurance and testing. Here’s what they had to say.
Cybersecurity is a hot news topic, and a growing concern for companies of all sizes. What’s driving the increased attention?
GM: The news is full of stories of cyber attacks. One day it’s a Hollywood studio, the next a big-name retailer or government agency. It seems like no organization is immune to determined hackers. When a large organization is hacked, it affects the entire ecosystem, including customers, employees, suppliers, and partner organizations. Professional IT and application hacking is a growing global business, often originating in China, Russia, and other remote locations.
AG: Our customers are worried about potential security breaches and the brand, legal, and financial damage that results from stolen data. They want to make sure their business processes, applications, and data are secure.
Where are organizations most vulnerable from a security standpoint?
GM: Most organizations have already hardened their perimeter with firewalls, VPNs, and the like. However, we often see customers add custom solutions—which can compromise that level of security. Many of these custom solutions are meant for customer, partner, or consumer access to otherwise secure data. These custom solutions essentially poke holes in the firewall, creating vulnerabilities that can be penetrated by creative hackers.
AG: Also, most companies focused on securing their external applications—they assume that anything inside the firewall is secure. But over half of all cybercrimes are committed by internal parties, perhaps consultants, contractors, or disgruntled employees. The risk here can come when the people who wrote the custom code, who have intimate knowledge of that code, leave, potentially compromising application security.
So how can companies guard themselves against security breaches at the application layer?
GM: It’s much more expensive to fix a security issue once the application hits production, so you want to test and address security issues during code development. Security safeguards should be built into the development process of the code. Developers must be trained to write code with cybersecurity top of mind. SAP advocates a solution that supports testing early on during development and coaches the developers during code development, offering recommendations and suggested improvements as they work. Don’t get me wrong – penetration testing is also important. Testing a solution once and counting on the fact that it is safe is a fool’s folly. Hackers will continue to come up with new ways to penetrate applications. That’s one of the reasons that SAP and our partner company HP continue to invest in R&D in this space. Retesting production applications on a regular basis is critical to a solid cyber protection strategy.
With IT budgets shrinking and moving into the lines of business, how can businesses justify the incremental cost of testing protocols?
GM: Test automation reduces the time, resources, and money required for functional testing. Automation makes it easier and faster for companies to absorb new technology. Lines of business are demanding new technology that makes it easier to conduct business. To ensure that this new technology is secure, functionally correct, and able to perform under user pressure, we need faster, cheaper, automated testing approaches that focus on the areas that have been changed, or the areas of highest vulnerability. Testing the entire environment can be wasteful if it isn’t necessary.
What might the future of testing look like?
AG: Companies are more connected to technology, and rely on it to achieve desired business results. But to achieve this level of agility, to secure the applications and data required to run the business, they need automated, flexible, and robust testing.
GM: We ultimately need to bring together multiple forms of testing – including performance, functional, and security testing – so we can keep up with technology innovations. And we need to continually secure applications during production.
AG: And securing applications is not a one-time activity. Hackers are always innovating, and we need new levels of security testing to protect applications.
How can SAP help?
GM: SAP and our partner organizations can help you create a testing strategy that can sustain testing over time. We go beyond just setting up a single test project; instead, we can help you build testing automation into your development process and quickly and securely adopt innovative technologies.