In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly targeting the application layer to breach organizations and gain access to sensitive, confidential – and lucrative – data. At the same time, organizations can’t stop using software, or develop it more slowly. What does this mean for security?
The proliferating number of applications, combined with the decentralized way applications are now developed and purchased, means it’s increasingly difficult to get a handle on your application landscape. For example, digital marketing has become one of the most important ways that companies interact with their target market and customers. Marketing departments are often spinning up new web pages and incorporating new technologies without communicating with IT security.
Bottom line: It’s hard to secure what you don’t know about. The nature of this new application landscape means visibility comes before security. When we work with customers on this problem, we typically find that they have 30 percent to 40 percent more websites than they originally report having. The solution? Look for application security solutions that can accurately inventory your entire web perimeter.
You don’t just need to develop apps to keep up with the competition in today’s digital world – you need to develop them fast. This emphasis on speed means that developing apps from scratch is nearly impossible, and developers are increasingly relying on third-party applications and components to meet deadlines. A recent IDG study found that among enterprise applications, 28 percent are typically developed externally, 34 percent are procured from software vendors and 38 percent are developed internally (source: IDG Study, “Majority of Internally Developed Apps not Assessed for Critical Security Vulnerabilities,” June 2014).
The problem is that it’s hard to keep track of these third-party additions and their security status. But you can keep up with the competition without sacrificing security. Consider application security solutions that:
As applications increasingly play a pivotal role in interacting with customers, prospects and partners and making business decisions, they are also increasingly standing in front of your most critical data. Gartner describes applications and application security with the analogy of a crown jewel in a treasure chest: the sensitive information is the crown jewel, and the applications are the treasure chest.
And when apps are the treasure chest:
The security implication here? Neglecting application security is risky business – you risk losing customers, paying regulatory fines and suffering a damaging breach. There’s a lot riding on your app layer, and application security needs to be a part of your security mix.
Security “business as usual” won’t cut it in this new digital world. You need to pivot your strategy to focus where the risk is – and that is increasingly at the app layer. Get details on creating and managing an application security program – from someone who’s been there. Check out our guide, From Ad Hoc to Advanced Application Security: Your Path to a Mature AppSec Program.