In the modern application economy, every company is a digital business, producing web, mobile, and cloud applications at a rapid pace. In order to keep up with the pace of innovation, they are relying on third-party software and open source components and libraries to augment their own internal development efforts. This reliance on software would suggest that enterprises are placing equal importance on securing applications as they do on innovation. However, the number of breaches due to insecure code suggests this is not the reality.
How is it that companies spending millions of dollars to secure their networks and end-points, and in many cases their applications, are still suffering application-layer breaches? Two main reasons: 1) network centric security programs are no longer sufficient as the traditional perimeter no longer exists and 2) the common, tools-based approach to securing applications does not scale to meet the demands of the modern digital business.
The combination of building software, buying software and borrowing software components creates a complex ecosystem of applications that the enterprise doesn’t fully own -- but must still secure. How do enterprises typically respond? By putting in place system of security checks and questionnaires. The problem is, this system is fragmented, doesn’t scale and many applications end up bypassing the controls put in place – leaving an average of 2/3 of applications untested before deployment.
If the traditional methods of securing applications isn’t sufficient in today’s application economy, what can an enterprise do? This the exact topic Tom Hickman, VP of product strategy at CA Veracode, will discuss during the SCMagazine eSymposium on Vulnerability Management. Register for the event by clicking here and attend Tom’s session, “The Elephant in the Room: How an increased reliance on software increases enterprise risk” to learn how companies can secure the software they build, buy and borrow.