Study reveals that attack surface continues to grow as app portfolios expand and 70 percent of apps are neglected for security
BURLINGTON, Mass. – September 30, 2014 – Veracode, a leader in protecting modern enterprises from today’s pervasive web and mobile application threats, today announced that research conducted by IDG reveals there is a growing gap in application security programs at enterprises in the US and UK. The data shows that in 2015 enterprises will leave up to 70 percent of internally developed applications unaudited for common threats such as SQL injection. This means that the attack surface at Global 2000 firms will increase to an estimated 4.5 million web and mobile applications, based on the average number of applications produced by enterprises.
Recent large-scale breaches at retail organizations have demonstrated that cyber-criminals are using a variety of techniques to penetrate enterprises. Because enterprises have effectively locked down their networks, web and mobile applications are left as the path of least resistance. As enterprises continue to produce more applications in order to drive their businesses, their inability to scale current application security programs means only business-critical applications are audited for security. This leaves a significant number of web and mobile applications vulnerable, creating long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application is business-critical or a little-used web site.
“In order to close this gap, enterprises need a new and more scalable approach to application security that allows organizations to mature their programs with consistent enterprise-wide policies and metrics,” said Pejman Pourmousa, director of security program management, Veracode. “Using an automated cloud-based service makes it possible for enterprises to keep pace with the speed of innovation without sacrificing security.”
Veracode’s cloud-based service offers an alternative to legacy, on-premises approaches. Because it is simpler and more scalable, the Veracode service will allow enterprises to close the growing application security gap, reducing risk at their organizations.
The IDG study asked executives at large enterprises about their application security programs and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.