July 7, 2015

The Scalability Challenge, Part One: 5 Application Security Issues — and How to Handle Them

Every enterprise has a unique security challenge. What's yours?

Truth be told, with every organization in the world becoming a de facto tech company, "a" security challenge isn't the right way to describe it. As the challenges and shortcomings outlined in this Veracode whitepaper imply, even the best and brightest out there face potential application security issues: When 93 percent of all companies experience a security breach in a given year, you know drastic changes need to be made.

The encouraging news here is that while goals, products and services vary wildly among organizations, many security challenges stay the same across industries. Thus, Veracode is pleased to announce a new five-part series on the biggest problems facing "tech companies" (read: all companies) today, what issues can arise from leaving them unresolved, and how best to address them. Here are the five challenges that will be addressed in the coming weeks:

Problem 1: We need to secure our software development, but not slow our SDLC.

This simple statement sits behind a host of different troubles in the development world. In some ways, AppSec and time to market are like platters on either end of a scale: add too much to one and the other suffers, even though both are crucial.

Challenging though it may seem, however, achieving balance doesn't require piles of cash or ulcer-inducing stress. This article will touch on just how businesses that desire speed and security can reach their goals with a combination of new practices, new outlooks and a focus on topics like education and automation.

Problem 2: We need to discover and protect all of our web apps, but in a fast and scalable way.

From a security standpoint, your perimeter can be a scary place. Like a sprawling fence covering huge territory, every forgotten web app or application security oversight is as threatening as another collapsed section or open gate, and every unwitting opening is another chance for malicious visitors to break through.

This article will focus on fixing the perimeter automatically, lending all the speed and scalability your organization craves to your rebuilding effort. Get ready for a big focus on automation: When automated security is cheaper and faster than manual alternatives, why wouldn't you take that option?

Problem 3: We need to comply with regulations and industry mandates, but streamline the process with automation.

Whether the HIPAAs and PCIs and OCCs (and a bunch of other acronyms) of the world are specifically centered on technology or just embracing the digital world, you can bet every set of industry- or government-mandated rules has something to say about application security — and woe unto the organizations that fail to heed their mandates.

That's the big point behind the third article in the series, which will focus on the complex intersection of regulation and technology and show you how to navigate it without wasting too much human effort in the process. If you work under the oversight of an acronym, this one's for you.

Problem 4: We need to reduce the risk from third-party software — whether vendor, open source or outsourced.

Third parties are relatively inexpensive, abundantly available ways to acquire bits of code or whole pieces of software. That's the reason nearly every company out there has some third-party work in its own collection of apps. But outsourcing isn't a cure-all, and it doesn't come without problems and liabilities specific to the practice.

The goal? Reducing liability in the event of a data breach or similar application security event. This article will focus on how to do just that, offering tips, tricks and practical advice for making sure third-party contributions don't become first-party headaches.

Problem 5: We need to control mobile security risk whether we build, buy or download the apps our users demand.

Smart devices are everywhere. They're also massively connected, making them a perfect platform for all sorts of nifty, time- and money-saving software. That same connectivity, however, makes them a juicy target for all sorts of unsavory characters. As it turns out, having pocket-sized computers handle everything from user data to physical access can be as much of a headache as it is a convenience.

This article will outline ways to reduce and control mobile security risk, no matter what that risk may represent — and no matter who may be using it. From BYOD problems and application security nightmares to the inherent headaches of constant "front door" physical access, this one will have it all.

Stay Tuned

Today, technology fuels our industries and individual careers like never before, and reducing the risk that comes with it means seeing significant improvement in both. There's more to learn over the coming weeks about Addressing the Scalability Challenge, so be sure to check back and see how this new series can enlighten you.


Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, gives him unique insight into the world of mobile/Web security and the steps needed to properly secure software products.
