Considering the Increasing Need for Security

Many of the readers I work with have noted an increase in the amount of security information I provide in my books. For example, instead of being limited to a specific section of the book, books such as Microsoft ADO.NET Entity Framework Step by Step (the new name for Entity Framework Development Step by Step) and HTML5 Programming with JavaScript for Dummies provide security suggestions and solutions throughout the book. The fact of the matter is that this additional security information is necessary.

There are a number of factors that have changed the development environment and the way you design applications. The most significant of these factors is the whole Bring Your Own Device (BYOD) phenomenon. Users bring devices from home and simply expect them to work. They don’t want to hear that their favorite device, no matter how obscure or unpopular, won’t work with your application. Because these devices aren’t under the IT department’s control, are completely unsecured, and could be loaded with all sorts of nasty software, you have to assume that your application is always under attack.

Years of trying to convince users to adopt safer computing practices has also convinced me that users are completely unconcerned about security, even when a lack of security damages data. All the user knows is that the application is supposed to work whenever called upon to do so. It’s someone else’s responsibility to ensure that application data remains safe and that the application continues to function no matter how poorly treated by the user (through ignorance or irresponsible behavior is beside the point). Because of this revelation of human behavior, it has become more important to include additional security discussions in my book. If the developers and administrators are going to be held responsible for the user’s actions, at least I can try to arm them with good information.

The decentralized nature of the security information is also a change. Yes, many of my books will still include a specific security chapter. However, after getting a lot of input from readers, it has become apparent that most readers aren’t looking in the security-specific chapter for information. It’s easier and better if much of the security information appears with the programming or administration techniques that the reader is reviewing at any given time. As a consequence, some of my books will contain a great deal of security information but won’t even have a chapter devoted to security issues.

I’m constantly looking for new ways to make your reading experience better. Of course, that means getting as much input as I can from you and also discussing these issues on my blog. If you have any ideas on ways that I can better present security issues to you, let me know at John@JohnMuellerBooks.com.