The Pentagon has no idea how to deal with bad cloud contracts, say auditors Pointing out IT failures at the US Department of Defense is like shooting fish in a barrel, but here we are with another in the cross-hairs: this time it's the DoD that has failed to account for the costs associated with restrictive cloud licensing agreements. According to the Government Accountability Office (GAO), …
"the Pentagon wasn't doing enough to keep up with evolving threats by, among other things, adopting the cutting-edge strategy of agile software development"
In my experience, 'agile' development (expressly in quotes as that reflects common practice*) contributes significantly to vulnerability to evolving threats. That's primarily due to the difficulty of integrating universally adhered-to coherent secure development practices into a coding environment that proceeds directly from concept to implementation at the discretion of multiple separate development individuals or teams, eliminating a centralised formal design stage.
Agile is an excellent approach for UI and non-critical functionality, but it's not a panacea. More rigorous methods are needed some cases, particularly that of sensitive data processing.
*What passes for 'agile' is in many cases merely uncontrolled and poorly documented ad hoc coding.
.
Of course, but actually progressing in smaller well defined steps while following strictly security constraints, and updating the security testing and documentation at each step as new knowledge becomes available - that wouldn't be a bad thing, no matter what you call it.
That fully moving to the cloud is a big mistake, at work. Being the only engineer they listen to the MSP over my suggestions. The MSP only cares for the kick back they get from the cloud provider. It also makes it alot easier for the MSP to do work without visiting site and potentially to fully take over and make me redundant. The bean counters don't understand this will end up being more expensive, mark my words. And get rid of me and the support will tank as you loose all that local knowledge.
I'm becoming disillusioned working in IT and would love to retire but already underpaid for what I do.
