Application Lifecycle Management is the ability to manage the life cycle od a software application, including the specification, design, development and the testing, throughout the birth of the application to its potential retirement. ALM is a much needed tool that Sifers-Grayson could easily take advantage of, simply because what it has to offer to the company. ALM can be another way to make certain items be more secure then others, protecting the overall integrity of a design and having ways to complete the design faster then normal means.
ALM Software has many capabilities that can make a company better in the long run. No matter the method used, “it can help reduce your product’s time to market.” (Application, n.d.) Overall, it uses three phases to assist and manage app development: requirements, development, and operations. ALM tends to help with the missed deadline process. The issue Sifers-Grayson had was leaving the designs out in the open on a simple USB drive. With ALM, everything is computer based, and there is no need to swap the plans around to different people, as the tool allows access like any computer based program does. There are plenty of tools on the market, and each can be used for different reasons. Some can offer various ways of inputting source code and executables. “One of the key attributes that distinguishes ALM suites from mere project management tools or issue tracking systems is that they include the QA part of the software development process” (What is. n.d.) Qaulity Assurance is always needed when testing out a product to ensure it works and figure out the bugs.
There is also a way to improve overall security, and that is with SALM. “SALM systems defines specific application security defects and their corresponding preventative controls as relevant to a given application by rules relating to the application’s underlying properties.” (Introducing, 4) It is just another layer that increases the overall security of an application or design for the company. The implementation of access control and the proper need-to-know can continue to be maintained, as all access can be monitored with proper user access and login credentials. There are also ways to audit the people who use it, to ensure there is no insider-threat as well, so long as the IT department is monitoring the use of it.
ALM would of helped prevent a successsful attack from the Red Team had it been deployed sooner. However, just like any mistake, Sifers-Grayson will learn from it and continue to move forward, correcting the past issues in order to prevent it from happening again.