2. Software development for the health industry.
Is it more complicated? Any different? More challenging?
Safety
- high risk
- medium risk
- low risk
(Software is modular, in a constant flux: classification is complicated)
Regulations: constraints, approvals, …
Compliance (CE/Country laws and standards)
Overall complexity: hardware, calculations, data manipulation, …
-> Can be challenging for any software engineer
-> Requirements are paramount!
-> Testing, verification and validation are essential!
-> Project’s success depends heavily on building the right team with the right skills
7. DevOps
Culture: shift from fear of failure to fail fast, from silo to collaboration
Automation: remove repetitive and error-prone human tasks
Lean: work in small batches, skim the fat that is not needed
Measure: technical metrics and business metrics
Share: success/defeat in a blameless approach
8. Security
Security Architecture
Identity & Management
API Security
Threat Protection
Key Management
Token Management
Certificate Management
Policy Management
User Management
Authentication
Authorisation
Policy Enforcement
Traffic Management
Logging
Auditing
Key Store
Policy Store
Log Store
TLS
DDoS
Quota
Rate limiting
Payload Protection
Analytics
9. Security: reality and perception
Often:
- happens at the end of the development process
- doesn’t happen at all
- apps are picked selectively and at random
- security report or veto has little to no consequences
- when security is taken a little more seriously, it might kill weeks/months of development
Vision
- it’s a black box
- it’s only pen testing
- it’s the last validation step
- risk evaluation and perception are not shared or understood
10. DevOps: “Wild West” or beneficial for security
“Security by design” ethos: integrate security from the get go
- defensive coding
- security focused configurations: app, network, storage
- code review
- pair programming
- static code analysis
- unit testing
- integration testing
- automated security testing
- regulation constraints testing
- infrastructure as code
- automated deployment
Multidisciplinary teams integrating network, db, security, storage, QA, sys admins …
Include security in every step of the value chain
11. Business lifeline = customer
- customer oriented
- gather feedback
- prioritise
- incrementally deliver value
- collaborate, adapt, accept change in a controlled way
- protect/shield your customer/business
- integrate the skill sets needed