Five Trends Fueling Application Security Challenges
Applications are an essential component of the digital transformation puzzle. However, they are also a changing target, as many firms migrate current mission-critical programs to the cloud, build new ones, and try to keep them all updated and safe without enough experienced hands to handle it all — all while cybercriminals wage war.
Fremont, CA: The state of application security is rapidly evolving, and enterprises must adapt to keep up. However, five trends in app development make security more difficult.
Five Perplexing App Security Development Challenges
The Rate of Change: The pace of software releases has risen rapidly. A significant software release used to happen every year or two, or every six months if a business was truly pushing the edge. In some cases, companies now release hundreds of updates to a single app per day. Some businesses aim for an hour-long development cycle rather than a months-long one. When the priority is releasing new features rapidly, security can take a back seat.
New Approaches to Building: In the past, software was monolithic and server-based, with development teams writing a heap of code that was put on a server and interacted with web browsers.
However, in recent years, organizations have begun to disassemble these massive pieces of software and transform them into groups of cloud-native containers linked together by application programming interfaces or APIs. The new app development methodology centers on microservices, which are subsequently packed together to form a full-featured software package. This can lead to a larger attack surface where a single vulnerability in a single microservice might provide attackers with a foothold or access to client data.
Breaking Down Barriers: For some years, enterprises have been transitioning from distinct software development and operations teams to merged DevOps teams, a trend that has accelerated in the age of apps. In addition, organizations are shifting to an infrastructure-as-code approach as part of the DevOps transition, in which configuration files hold a company's infrastructure specs, making it easier to alter configurations.
Organizations no longer place code on servers but instead build infrastructure code that automatically spins up the number of servers required to distribute their code.
Outdated Skills: Development technologies are outpacing security teams' understanding. Security experts must learn about new development methodologies like microservices, and many businesses are running in several cloud environments, each with its own set of security quirks. In addition, many companies employ several container systems, each with its own security approach.
A Fresh Perspective: Furthermore, development teams are acquiring a stronger voice in security matters. This is an excellent move in many respects, but it may cause friction between conventional security specialists and developers who want to deploy software rapidly. Developers usually strive for speed, often under pressure from corporate leaders to maximize revenue, while security teams frequently push back to safeguard the organization and its assets.