How CISOs Can Shift from Application Security to Product Security 

Product security teams are becoming more popular for the in-depth security approach they take when compared to appsec teams. But there is more to it, which includes creating a security-conscious culture.

Whether you call it shift-left security, baked-in security, or security-by-design, forward-thinking enterprises today understand that they need to make security a consideration throughout the entire lifecycle of not just individual applications but the business product that they support. To do this, an increasing number of enterprises are using product security teams and product security officers as a way to effect this change.

For some companies product security may focus solely on external customers but others consider even internal projects like critical back-end financial or HR systems to be within that product security umbrella. Either way, the product security outlook is more all-encompassing, explains Sam Rehman, CISO at EPAM Systems, a global software development firm. “This involves a broader scope, encompassing operational and technical controls, the overall environment, client identities, as well as mechanisms for detecting and responding to potential issues in the service,” he says.

Read the full article here.

Learn how to ensure operational resilience against evolving cybersecurity threats here.