Security review is a common process for new applications. It can be time-consuming, particularly when the security and application teams cannot align on common ground. Here are some tips to help application teams preempt and prepare for a security review.
Design for Security
Often, application design focuses on security requirements only just before go-live. This can be detrimental when the security team does not approve the architectural design because of security concerns. It is important to consider security design from day 1. Cloud security is one key area that is standard for all cloud deployments. Thus, the rule of thumb is to design security before you start your application development.
Iterate Security Review
Security review is an iterative process. Alignment with security expectations is important to secure the features. However, there are times when timeliness and cost outweigh the security request. You should iterate on the security requirements and align on a common understanding. One such method is to limit the exposure of your data in a public subnet. Do note that it is not possible to clear security review in one sitting. Thus, it is realistic to plan for the security review process in your application development.
Security review is a common process for cloud development. This is because the cloud is not within your own secured space. Therefore, you must include security design from the start of your project and plan for the security review process. Getting sign-off from the security team will lend confidence in your application.