
Reg readers on: Stuff you run vs stuff you run it on

Poll results


Workshop Thanks to everyone who took part in our latest mini-poll, which teased out some insights on how you balance the requirements of the teams that build and operate the resources and capabilities running in the server room.

On the face of it, the overall relationship between software developers / procurement and those tasked with running applications appears quite healthy (figure 1). In fact, 60 per cent of you fell into the three camps that we could argue are the most desirable in terms of striking a balance between requirements and capabilities – and only 25 per cent felt that application workloads were built with scant regard for operations. So far so good.

Figure 1

Let's focus on what drives the requirements for how applications are managed. Our Reg reader poll proved to be a pretty broad sample. The SLA merchants roughly balance with the ‘ad hoc basis’ players, and IT practitioners ‘flying by the seat of their pants’ matched those who managed their applications on an individual basis.

Figure 2

How do the approaches fare when it comes to taking a call on their effectiveness? Interestingly, there are few marked differences between the SLA (service level agreement), ‘manage everything’ and ‘on each app’s merit’ approaches. We can see that formal SLAs do not guarantee the most effective management of software applications – but perhaps this doesn’t matter, except that with an SLA you know when something went wrong.

Clearly, there is little between adopting a more ad-hoc approach and flying completely blind. The former group may be fooling themselves, but it’s amusing to see that ‘flying blind’ attracted more ‘5’ scores than ‘informally trying to maintain pace with the business’s needs’ did. We know who you are.

Figure 3

When we dig down into the data (not shown) and cross-match the approaches with specific problems encountered, we do see the expected differences: the SLA guys lead the way, but not always by much of a margin, and the pant-seat flyers generally lag in all categories. But beyond that it’s a mixed bag, and we couldn’t really pull out any trends strong enough to report back on.

Overall, we picked up acknowledgement of the opportunity for improvement in quite a few areas, with user skills and training coming out on top. Does lack of training lead to actual application management issues beyond stressing the help desk with password reset requests? We’d love to know more about that.

Figure 4

Ultimately, from what we can glean from such a short poll, the balance between requirements and resources seems to be in good shape for most of you. Sure, we know from recent projects that often there are serious implications of the practice of ‘develop and hope’ when it comes to operational resilience, but given the horror stories we’ve heard from you in other areas, this all looks relatively sensible. Which is a bit of a result.
