By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Technologists need a new approach to application security to manage a rapidly expanding attack surface
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > Technologists need a new approach to application security to manage a rapidly expanding attack surface
CybersecurityEnterprise

Technologists need a new approach to application security to manage a rapidly expanding attack surface

Techgoondu
Last updated: February 2, 2023 at 5:54 AM
Techgoondu Published February 1, 2023
8 Min Read
SHARE

Brought to you by Cisco AppDynamics

By Joe Byrne, Executive CTO, Cisco AppDynamics

Joe Byrne, Executive CTO, Cisco AppDynamics, PHOTO: Cisco AppDynamics.

Application security has become a major concern for organisations over the last two years. Rapid digital transformation to meet constantly changing customer needs and enable hybrid work has meant a dramatic increase in release velocity. But application security simply hasn’t kept pace.

In the latest research from Cisco AppDynamics, The shift to a security approach for the full application stack, 100 per cent of technologists in Singapore admit that rapid innovation during the pandemic has come at the expense of robust application security. And there is now widespread concern that applications are increasingly vulnerable to new and emerging cybersecurity threats.

With widespread adoption of multi-cloud environments, application components increasingly run on a mix of platforms and on-premise databases, expanding attack surfaces considerably. This is leaving major visibility gaps for IT teams and increasing the risk of a security event, the consequences of which are potentially catastrophic – service disruption and outages which can result in poor customer experience, reputational damage and lost revenue.

The move to cloud native technologies has highlighted the limitations of traditional approaches to application security, where security has often been overlooked until the very end of the production pipeline and there has been very little collaboration between developer and security teams. It has also exposed the shortcomings of siloed security solutions which make it impossible for technologists to cut through data noise to identify security issues which pose the greatest risk to customers and the business.

In order to address this growing challenge, IT departments need to take a security approach to the full application stack, leveraging the power of automation and Artificial Intelligence (AI), and integrating security at every stage of the application lifecycle from the very outset.

Cloud native technologies have dramatically expanded attack surfaces

The research finds that 96 per cent of organisations in Singapore have experienced an expansion in their attack surfaces over the last two years, and 48 per cent state that this is already presenting challenges.

Technologists cite a number of factors that have triggered this expansion in attack surfaces, the most prominent being the increased use of Internet of Things (IoT) and connected devices within their organisation. New hybrid working models have also served to expand attack surfaces.

In addition, rapid cloud adoption and the shift towards microservice-based application architectures are exposing applications to new and more varied vulnerabilities. The sheer volume of applications spread across multiple entities has made monitoring security throughout the DevOps pipeline extremely challenging.

IT teams are becoming overwhelmed by soaring complexity

Unfortunately, most IT teams currently don’t have the right level of visibility into these enlarged attack surfaces to identify and address vulnerabilities. Two thirds of technologists report that their current security solutions work well in silos but not together, meaning that they can’t get a comprehensive view of their organisation’s security posture.

IT teams are being bombarded with security alerts from across the application stack but they simply can’t cut through the data noise to understand the risk level of security issues in order to prioritise remediation based on business impact. And as a result, IT teams are feeling overwhelmed by new security vulnerabilities and threats. In fact, more than half of all technologists admit that their organisation often ends up in ‘security limbo’ because they don’t know what to focus on and prioritise.

The need for DevSecOps and a security approach to the full application stack

Across all industries, there is an acknowledgement that organisations need to take a new approach to application security, not just to avoid a potentially crippling security breach, but also to lay the foundations for a more sustainable approach to innovation. In particular, technologists know that they need to tighten up their security processes if they are to reap the full benefits of modern application stacks over the coming years.

One of the principal ways in which organisations are looking to address the challenge of application security is by moving to a DevSecOps approach, fostering much closer collaboration between DevOps and SecOps teams. DevSecOps integrates application security and compliance testing throughout the software development lifecycle, rather than them being an afterthought at the end of the development pipeline.

This new approach enables developers to embed robust security into every line of code, resulting in more secure applications and easier security management, before, during and after release. But crucially, when DevSecOps works well, it doesn’t slow down release velocity. It shatters the perception that security is an inhibitor of innovation.

Most technologists now regard DevSecOps as essential to effectively protect against a multi-staged security attack on the full application stack and we’re now seeing huge numbers of organisations shifting to this new approach.

As well as a cultural shift within IT departments, with IT teams having to change entrenched mindsets and embrace new ways of working, DevSecOps also requires the implementation of holistic monitoring systems which leverage AI and Machine Learning (ML) technologies to cope with the spiraling volumes of security threats organisations are facing across an expanded attack surface.

This type of automation is vital to identify weaknesses, predict future vulnerabilities and remediate issues. Once IT teams can teach AI tools to identify threats and resolve them independent of an admin, the benefits are game-changing – reduced human error, increased efficiency, and greater agility in development. Indeed, 85 per cent of technologists in Singapore believe that AI will play an increasingly important role in addressing the challenges around speed, scale and skills that their organisation faces in application security.

Technologists are recognizing the need for a security approach for the full application stack that delivers complete protection for their applications, from development through to production, across code, containers and Kubernetes. Alongside this, IT teams are looking to integrate performance and security monitoring with business transaction insights to understand how vulnerabilities and incidents could impact end users and the business. This means that they can cut through data noise and prioritise those threats that could really damage a business critical area of the environment or application.

Ultimately, application security can no longer be an afterthought within digital transformation programs. Organisations need to recognise it as a key element of the application lifecycle, and the foundation for sustainable and accelerated innovation.

You Might Also Like

After another DBS outage, is it time to make banks publicly report service uptime?

IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach

SPTel offers multi-network eSIM service to businesses running IoT apps

As TikTok faces a possible ban in the US, should users elsewhere be worried?

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage

TAGGED: AppDynamics, application security, DevSecOps, digital transformation, sponsored

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Techgoondu February 1, 2023
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Previous Article Apple iOS 16.3 users can use security keys like YubiKey to protect accounts
Next Article Fancy the world’s largest OLED TV? LG has a 97-inch LG G2 to sell you
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

After another DBS outage, is it time to make banks publicly report service uptime?
Enterprise Internet March 30, 2023
Xiaomi 13 Pro review: A photography powerhouse with 1-inch image sensor
Cellphones Mobile March 29, 2023
IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach
Cybersecurity Enterprise Software March 29, 2023
SPTel offers multi-network eSIM service to businesses running IoT apps
Enterprise Telecom March 28, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?