The phrase “every business is a software business” accurately depicts today’s workplace. Regardless of industry, software now sits at the center of business—and it is what enables companies to build and maintain relationships with customers, partners, employees and others. Software is the fabric of nearly every competitive company, and those able to deliver new applications and capabilities more quickly are positioning themselves to win in the market.
But while software development speeds up, what happens to security? There are so many questions:
- When new applications and capabilities are rolled out, how is security addressed?
- Is cyber resilience considered throughout the development process—or is it just bolted on in the back end?
- Is there a consistent methodology for validating the security of new applications—or are development teams left to their own devices?
In this context, ZeroNorth surveyed roughly 60 cybersecurity professionals across a range of industries, many of whom represent very well-known brands in the FORTUNE 500. Today, we are excited to share our findings in a new report, launched this morning, entitled “Rethinking Security for Digital Transformation.”
- Most companies have begun – or will soon begin – digital transformation initiatives. Regardless of whether it’s cloud technology, building a DevOps culture or some other project, these companies believe digital transformation programs are important to the future of business. In other words, driving digital transformation isn’t optional—it’s mandatory.
- Companies generally understand and appreciate the need for cybersecurity and the essential role it plays in a company’s digital transformation. This is good news. If companies move quickly—but don’t consider security—the initiatives underway could be put at risk. And as mentioned earlier, these efforts are critical to an organization’s future, so minimizing risk should be prioritized.
- The survey data highlights the inconsistent methods companies often use for vulnerability scanning across the software lifecycle—and further, how ownership of scanning varies greatly.
So, where does this leave us? First and foremost, we need to build strategies that help bolster cybersecurity programs in the context of CI/CD models.
Among the other data in the report, one topic is worth mentioning: confidence in open source tools for scanning and testing software. Overall, survey participants felt open source tools are as effective as commercial off-the-shelf (COTS) tools; only about 15% believe COTS tools are more effective. It will be interesting to see whether this stated confidence in open source translates into greater usage and deployment of these tools in 2020 and beyond.
At the end of the day, securing an organization through digital transformation is a marathon, not a sprint—and it’s clear we are still in early days. But one thing is for sure—the organizations that are quickest to effectively manage software security at the speed of development will win the day with the strongest competitive advantage.
To learn more about this research, register for a live webinar where I join ZeroNorth’s CTO, John Steven, for a longer discussion on Friday, October 11 at 1pm ET. You can also download the full report, “Rethinking Security for Digital Transformation.”
*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by Dave Howell. Read the original post at: https://www.zeronorth.io/blog/best-practices-for-securing-digital-transformation/