Strategic Approaches to Digital Platform Security Assurance

These risks do not restrict themselves to the technology domain; new challenges arise by teams working together in a distributed manner to deliver high paced value at a higher pace by reducing the time to market. We see smart cities emerge, and society is taking a more holistic view of the regulation of such high-tech developments.

New risks also emerge from a cybersecurity perspective: who protects our digital sovereignty and our "digital heritage"? Technology is no longer a domain that is shrouded in mystery; instead, it is an essential business discipline here to stay. Business schools worldwide include cybersecurity into their curriculum since roles emerge, and HR professionals need to equip themselves with new insights and understandings of these changing roles. It is also a professional discipline that has got the attention of analysts and supervisory boards.

During the Master research thesis phase of the MSc education at AMS you always discover talented people that can make significant impact in their field of expertise. During 2018-2020 I was honored to supervise 4 talented business executive that did research in Digital Platforms, Distributed Agile and Software development: Maria Chtepen, Dennis Verslegers, Tapan Kumar and Yves Vanderbeken. Their work stands out by the extensive literature examination in academia, as well as practitioner-oriented publications, that could contribute in new strategies towards addressing the problem of securing digital industries. Next to the examination into literature all 4 managed to develop artefacts business leaders can use to improve:

• design and building digital platform-oriented businesses
• ways of working in globally Distributed agile teams (this seems more important during lockdowns)
• architecture software pipeline that pass audits and survive data breaches/hacks
• methods for securing the technological stack in Continuous Delivery Pipelines to ensure safe software.

by Yves Vanderbeken, DXC, Belgium

Business models shift more towards technology driven industries. In this first chapter we elaborate on the multiple business models out there which rely on technology. How the technology contributes to the business goals of in this case governments. We specifically zoom in to Governmental platform services and the key practices they should apply. We focus on this since we see tech-born companies already making the step and disrupt other business models. Governments still need to make this step, therefore examining what practices they should apply in order to become relevant for citizens, appears to be a relevant research lens.

This chapter examines critical success factors that we have turned into practices that every organization immediately can apply.

by Tapan Kumar, Cognizant, The Netherlands

Establishing platforms happens more and more in collaboration with multiple teams producing products. A challenge here is to not lose efficiency and create waste as result of distributed teams working with multiple Frameworks (Less/Safe/Scaled Agile) and multiple regulatory requirements. This chapter examines the blind spots and efficiency factors. It proposes key practices to improve team efficiencies while working in agile teams on platforms. These practices can be applied by practitioners or examined in more detail by academics.

by Maria Chtepen, BNP Paribas Group, Belgium, Belgium & Yuri Bobbert, Antwerp Management School, University of Antwerp, Belgium, ON2IT Netherlands

Regulatory requirements vary from industry and country. Working with multiple teams on products requires proper alignment in Frameworks, controls and architecture principles in order to be end-to-end protected throughout the connected platforms. This chapter examines the multiple compliance frameworks and architectural principles that can be applied to agile way of working and more precise to CICD pipelines. It proposes key practices that practitioners can take into consideration.

by Dennis Verslegers, Orange Cyberdefense, Belgium, Belgium

When working more agile in producing products that serve the business goals it becomes evident that this needs to be done securely and risk free. Working agile in small teams encourages autonomy of the team and the individual and requires everybody to adhere to certain principles (e.g. Agile Manifesto, Security Frameworks like NIST or best practices such as OWASP). This means each team should have clear guidelines and boundaries in which they can make decisions (e.g. implement security, scalability or continuity measures) to develop and release code. This chapter examines the current practices out there in the field and proposes key practices that enable speed and quality without losing money and efficiency. These practices are plotted on the SecDevOps cycle so practitioners and scientist can work from that. The key practices are highly technical and directly applicable in real life.