DrupalCamp Spain 2016 is coming to the southern city of Granada on 22 to 24th of April. SwiftCircle is sponsoring the event and I will be talking about IT Security.
DrupalCamp Spain 2016 is coming to the southern city of Granada on 22 to 24th of April. SwiftCircle is sponsoring the event and I will be talking about Security.
I won't cover too many technical details; instead I'll focus on recommendations for everyone involved in a project.
Security is a crucial aspect of any IT project. Having a single point of failure can be disastrous: reputation loss, legal issues, and a long list of other worries you don't want to face.
Clients and users are often confident about the application being safe and secure - they assume that the developers know what they're doing.
Developers are often confident too: they assume that their tools (frameworks and libraries) are secure by nature. They assume that the people who built the tools know what they're doing.
Many people in management fail to appreciate the importance of spending time and money on security. They assume that both their developers and they tools they're using have security "automagically" built in.
Or, more dangerously, they sometimes reason that they'll deal with it if and when some security incident actually happens.
In reality, when a security incident does happen, the fallout is almost always bad, and dealing with it always costs much more than prevention. Imagine your customer's data gets stolen and sold on the black market, posted online, or published by the media.
The starting point for the session will be the current general state of IT security. We will review some bad habits we, as a sector, tend to keep repeating on each project - mostly due to lack of knowledge and culture. We'll see how to turn bad habits into good ones.
We'll see how every member of the team is responsible and how they can all contribute to IT Security in their own way.
Hope to see you at DrupalCamp Granada!