For years enterprises have been happily spending billions of dollars on “cyber security” to deal with an ongoing cat and mouse game — corporate IT security.

Here is how the game works: every week a new threat appears, and every week a new feature is released that controls the issue. Security vendors continue to innovate and release a slew of new tactics like endpoint security, malware detectors, crowd sourced analytics and now machine learning to keep up with the rapid pace of threat evolution.

In what is still a cat and mouse game of “the enterprise playing catch up,” the threats are now so complex and the solutions so esoteric that the typical enterprise follows what others are doing instead of taking a deep, holistic look at its own security strategy — who can blame them, everyone is super busy, right? To compound it further, the CIO’s mindshare still sits exclusively in post-deployment security.

The solution landscape is fragmented; hundreds of companies in dozens of subcategories. It’s a byproduct of point solutions addressing individual threats for post-deployment scenarios. Furthermore, according to the Cisco 2017 mid-year security report, hackers are taking advantage of the situation:

“The dramatic increase in cyber attack frequency, complexity, and size over the past year suggests that the economics of hacking have turned a corner, according to Radware, a Cisco partner. Radware notes that the modern hacking community is benefiting from quick and easy access to a range of useful and low-cost resources.”

The report merely affirms what the boardroom already knows — the security gap is widening as traditional endpoint and perimeter based security solutions are no longer enough to protect digital data.
Security Incident Event Management (SIEM), Identity and Access Management (IAM) and emerging technologies such as cloud-based malware sandboxes, cloud-based data encryption and web application firewalls are the fastest growing cloud-based security services segments. Yet, all of these solutions double-down on post-deployment scenarios.

Threats persist and are now plaguing Network Operation Centers (NOC) with “alert fatigue.” Security talent is at an all-time low — shortages everywhere, while the demands of the NOC are blowing up. Many security personnel see far more daily alerts than they can investigate, leaving potentially serious threats unaddressed. There are several causes of alert fatigue. Siloed systems may create duplicate alerts, or teams may not have the knowledge to distinguish between low and high-priority alerts, or false positives. They may lack auditing tools that can determine the source of potential threats. There are now so many tools and so many events happening that organizations have started to purchase products to consolidate and filter these events to handle the post-deployment threat crisis. Enterprises are overwhelmed, spending more every year and still losing.

Something is missing

By ignoring the root cause of the issue, vendors are simply stacking more and more software on top of the same post-deployment problem.

“We must fundamentally change the lens around the security lifecycle and address the fact that before software grows up — into the products that are deployed and consumed by enterprises — it is born as code. Code is born in version control.”

If code is born in version control does it not make sense to detect, mitigate and remediate the security issues at the source — instead of later?
If not addressed early on, the code will surely transform into IT backdoors, data breaches and other threats that could be catastrophic for an organization’s brand. Just look at the recent release of the Apache Struts vulnerability that affected nearly all Fortune 100 organizations. The simple vulnerability had been sitting there for years.

Years.

I’ll use an analogy: what sense does it make to build stronger doors, thicker walls and larger fences around a home when the bad guys are already in the house? Those tactics are important, yes, but what is most important is looking at how the bad guys were able to enter the house in the first place.

I believe in holistic enterprise security. I believe in defense-in-depth. Securing code at the point of birth. Not just post-deployment, but pre-deployment as well. For too long have CISOs ignored their most vulnerable asset, their source code, when making security investments. Security does not mean loss of agility or speed — in fact with the Cloud, it means just the opposite.

I believe the world can be a better place if there are fewer vulnerabilities, fewer attacks, fewer people being held hostage by nefarious actors due to software vulnerabilities, and less money wasted on band-aid point solutions. As a community of software developers and service companies it is our job to protect our end customers. Let’s do so by starting with source code security!

So why now?

More and more enterprises are under pressure to move to the cloud. Competition, budgets and the unrelenting pace of innovation are forcing organizations to rethink on-premise investments. Security takes a back-seat as pace becomes an over-riding KPI to success. It’s time to make a serious push to the cloud and I’ll tell you why.

The cloud is where new services are created. This is where the innovation is occurring and software development teams are taking notice.
Productivity and quality can be greatly enhanced by leveraging a myriad of cloud tools in your software development process (SDLC). If you don’t already know — your developers are probably already doing this — maybe in secret. But what if they could do it without compromising security? What if they could do it as part of your comprehensive corporate IT security strategy?

At Assembla, where I lead technical strategy, we are answering this issue for our customers by doubling down on Subversion (SVN), making major enhancements to the centralized system, and making it available in the cloud. We’ve found that enterprises run on SVN, which powers mission-critical projects with front and center compliance requirements. Until recently, enterprises have been forced to settle for distributed version control and non-trunk based development to get to the cloud.

Whether it be SOC II, HIPAA or the EU’s upcoming GDPR, we live and breathe compliance and have built a suite that lets your development move to the cloud while meeting stringent standards.

Your next steps are clear: speak with your development directors and find out…

What policies exist for managing our code & open source?
Is there a list of components used in all of our applications?
How are we creating the list and auditing it?
What controls do they have to ensure insecure libraries do not slip through into our software?
How are we tracking vulnerabilities for all components over time?

Stay tuned for more updates on enterprise cloud version control by following me, or get on Twitter to stay up to date.