Security Development Life Cycle


Tony Seno Hartono (National Technology Officer, Microsoft Indonesia)

Published in: Technology, Business

  1. 1. Software Security Governance. Tony Seno Hartono, National Technology Officer, Microsoft Indonesia
  2. 2. Portal & Collaboration Content & Enterprise Search Project Accounting & Grants Mgmt Identity Single Domain Workflow & Automation Budget Planning & Formulation Policy Enforcement On Premise BI & Data Mining Productivity Budget Management Information Security & Privacy Language Translation Human Resources Mgmt & Payroll Data Loss Prevention Big Data & Social Media Analytics Assessment Database/ Geo Location & Data Warehousing Maps Private Cloud Email & Calendar Information Gathering Middleware, & Interoperability Enterpris Commu Infor Dissem Disaster Re Business C Public Cloud
  3. 3. User and Device Management in Microsoft. Tony Seno Hartono, National Technology Officer, Microsoft Indonesia
  4. 4. Today’s challenges. Users: Users expect to be able to work in any location and have access to all their work resources. Devices: The explosion of devices is eroding the standards-based approach to corporate IT. Apps: Deploying and managing applications across platforms is difficult. Data: Users need to be productive while maintaining compliance and reducing risk.
  5. 5. User and Device Management. Enable users: Access to company resources consistently across devices; Simplified registration and enrollment of devices; Synchronized corporate data. Unify your environment: On-premises and cloud-based management of devices within a single console; Simplified, user-centric application management across devices; Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles. Protect your data: Protect corporate information by selectively wiping apps and data from retired/lost devices; A common identity for accessing resources on-premises and in the cloud; Identify which mobile devices have been compromised.
  6. 6. Help protect corporate information and manage risk. Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. • Identify at-risk devices through jailbreak and root detection • Selective wipe removes corporate applications, data, certificates/profiles, and policies, as supported by each platform • Full wipe as supported by each platform • Can be executed by IT or by user via Company Portal • Sensitive data or applications can be kept off device and accessed via Remote Desktop Services. [Diagram labels: Enrollment; Lost or Stolen; Retired; Personal Apps and Data; Company Apps and Data; Remote App; Centralized Data; Policies]
  7. 7. Microsoft Security Development Lifecycle
  8. 8. HEADLINES: How hackers allegedly stole “unlimited” amounts of cash from banks in just a few hours; Cybercrime costs US economy up to $140 billion annually, report says; [2013]; Ars Technica [2013]; Los Angeles Times [2013]; Malware burrows deep into computer BIOS to escape AV, The Register [September 2011]: Researchers have discovered one of the first pieces ever used in the wild that modifies the software on the motherboard of infected computers to ensure the infection can’t be easily eradicated…; Cyberspace changes the fog of war; Universities face a rising barrage of cyberattacks; Ars Technica [2013]; Cyberattacks on the rise against US corporations; Espionage malware infects rafts of governments, industries around the world; New York Times [2013]; Ars Technica [2013]; Forget carjacking, soon it will be carhacking, The Sydney Morning Herald [2013]: Rising cyber security risks to drivers as their cars become increasingly powered by and connected to computers have prompted the US auto-safety regulator to start a new office focusing on the threat…
  9. 9. Business Innovation
  10. 10. Application Lifecycle Management. Tony Seno Hartono, National Technology Officer, Microsoft Indonesia
  11. 11. Stakeholders in development process
  12. 12. Stakeholders in development process
  14. 14. Planning; No-process; SCM; Work Item Tracking; Testing Tools and Services; SCRUM; Lab Management; CMMI; Build Automation; Integrated Reporting and Analytics; Custom
  15. 15. Modern Application Lifecycle Management. Define: Ideation; Implement; Develop: Idea to working software; Monitor; Operate: Working software in production; Value realization. 44 agile planning. Team Integration | Increased Efficiency | Shorter Cycle Times | Reduced Costs
  16. 16. Visual Studio 11 Application Lifecycle Management [diagram]. Phases: Define (Ideation); Develop (Idea to working software); Operate (Deployment to feedback). Diagram labels: Microsoft Office; Expression Blend/SketchFlow; Third Party Tools; Visual Studio; Team Foundation Server; System Center; Project Server; Windows Azure; Windows Server; Requirements; Product Backlog; Sprint; Ops Backlog; Working Software; Monitor
  17. 17. Project management dashboard
  18. 18. Planning for continuous value delivery. Manage Demand and Define Requirements; Minimal Planning; Minimal Risk; Most Value; Continuous cadence of value delivery; Highest Value Features
  19. 19. Build, Measure, Learn - Repeat. [Chart: Traditional Planning vs. Agile Planning; axes: Value, Time spent on planning; annotation: Increased value over time]
  20. 20.
  21. 21. Roles: Product Owner; Scrum Master; Development Team. Events: The Sprint; Sprint Planning Meeting; Daily Scrum; Sprint Review; Sprint Retrospective (Note: All Events are timeboxed). Artifacts: Product Backlog; Sprint Backlog; The Increment (of working software)
  22. 22. Collaboration and planning the Product Backlog
  23. 23. Planning what can be done next
  24. 24. Balancing work with team capacity
  25. 25. Burndown chart – will the work get done?
  26. 26. Task board – a status update on all work
  27. 27. Using the Kanban Board to optimize work flow
  28. 28. Project management dashboard
  29. 29. Document requirements as BRDs and functional specs; QA; Write code to implement requirements; UAT; Testing post implementation. Mostly manual with limited automation; Operations readiness verification; UAT post implementation and systems testing; Pre-deployment verification
  30. 30. Continuous quality Shortened cycle times
  31. 31. Manual testing; User Interface; Automated testing; Services; Business Processes; Business Rules and Logic; Service integrations; Data access; Identity; Data; Automated testing
  32. 32. Thank You