Challenges of Secure Software Deployment: An Empirical Study

Software deployment is considered the last stage of the software development life cycle (SDLC). It includes executing software in a customer environment and handling software configuration and activation activities. Nowadays, security has been integrated with the SDLC stages - involving secure requirements, secure design and development, and secure deployment - to produce secure software. However, the software has become more complex in recent customer environments, putting more pressure on securely deploying the software. Additionally, some security attacks such as man in the middle can influence the progress of software deployment. This study investigates the most frequent challenges that can hinder secure software deployment in organizations from the academic and industry perspectives. Initially, a traditional literature review was conducted to identify secure software deployment challenges. A set of interviews with twelve IT professionals was performed to identify additional challenges of secure software deployment. The literature results showed that the variety and complexity of customer site, dependencies on hardware, network, and legacy applications, lack of basic security measures, the man in the middle attacks, and the effect of access control were the most critical challenges for secure software deployment. From the industry side, the top five secure software deployment challenges were wrong management decisions, deployment without planning, lack of knowledge of what to deploy, lack of security requirements, and lack of team development and operation skills. The outcomes of this research are expected to increase the awareness levels of secure software deployment professionals and organizations.