Securing identities in software development life cycles
Abstract
Security within the software development life cycle (SDLC) has traditionally focused on safeguarding code — through secret scanning, open-source package vetting, and code analysis. While this has strengthened application-level security, the assumption that code security alone is sufficient to prevent breaches has proven inadequate. This paper explores the processes, tools, and best practices involved in the code-to-cloud journey, with a particular focus on a frequently overlooked aspect of SDLC: identity management, encompassing both human developers and non-human identities. Through a case study, it demonstrates why identity threats must be treated with the same urgency as code and infrastructure vulnerabilities. The paper presents a framework for establishing a secure software development process, offering end-to-end protection that includes both tooling and identity governance. This article is also included in The Business & Management Collection, which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Maya Neelakandhan is the Vice President, Engineering at BlueFlag Security, building a security platform that provides multilayer defence in software development life cycle security. Prior to BlueFlag Security, Maya was one of the founding engineers at CloudKnox. She was involved in building the patented CloudKnox Cloud Infrastructure Entitlement Management platform, and was part of the engineering team at Oracle in the Identity Cloud services team, Oblix and multiple other start-ups. Maya holds an engineering degree from the Indian Institute of Technology, Mumbai, India.
Guruprasad Ramprakash is a Senior Product Manager at BlueFlag Security. In his role, he helped shape product-level requirements for securing identity across the software development life cycle. His background includes engineering and productising Software-as-a-Service solutions for identity and security companies. He holds an engineering degree from College of Engineering, Guindy, Chennai, India.
Deepika Gautam, CISSP, is Co-Founder and Head of Security Engineering and Strategy at Aplima Solutions, where she partners with organisations to embed security into software delivery, scale DevSecOps capabilities and reduce risk in modern cloud environments. With over 20 years’ progressive experience across software development, DevOps and cyber security, Deepika brings a cross-functional approach to building secure, resilient systems. A recognised author and speaker, she contributes thought leadership and advises on cyber security strategy.