At QCon San Francisco, Dorota Parad discussed the challenge of aligning security and productivity in software development. She emphasized that traditional security measures can create barriers for engineers, impacting their ability to deliver value. Parad introduced the BLISS framework, which advocates for creating a balance between security and efficiency by implementing isolation (bulkheads), adapting protection levels to risk, minimizing incident impacts, simplifying processes, and fostering an environment where good practices are standard. Her approach aims to protect organizations effectively without hindering development productivity.
Security can be at odds with a fast and efficient development process. Dorota Parad suggests a foundation for security that doesn't impede engineering productivity.
Traditionally, security is all about defense, which creates obstacles that hinder employees as much as, if not more than, the attackers.
Putting too many obstacles in developers' way slows down value delivery, costing the business more than a security incident would.
Parad's BLISS framework emphasizes separation, risk-level protection, minimizing impact, simplicity, and creating an environment where the right actions happen by default.