Application Security in 2021

Even as the world went into lockdown in 2020 to deal with the COVID-19 pandemic, hackers continued to launch attacks on networks. Lockdowns and travel restrictions forced many organizations to shift their activity to cyber space. In parallel, the increased use of mobile apps for private and business matters created an even more exposure points for bad actors to target.

Looking ahead in the new year, how will organizations adapt and secure their networks?

Application and API Security are High Priorities

When asked how their application infrastructure would evolve in 2021, most respondents reported that application and API security would be either a high or very high priority in the coming year. Two in five respondents said that they would focus on accelerating the migration of applications to the public cloud as a high priority, while 38% said completing their CI/CD automation was important.

API Protection Will Be the First Area for Investment

About three in five organizations recognize the risk associated with the increased use
of APIs and the challenge to secure them and are very likely or definitely likely to invest
heavily in API protection through most of 2021. This concern is even greater with the
non-security respondents, many of which are Application Development and Delivery
(AD&D) professionals who build, introduce and connect the APIs.

Respondents indicated the need for API protection is driven by non-security roles, not security staff (65% vs. 51%). Slightly more than one-half will invest to this extent in web application firewalls. Interestingly, only about one-third of organizations plan to invest or invest heavily in bot management capabilities.

Quality of Protection is a Priority in Solution Selection

When procuring web application and API protection technologies, more than two in five respondents report that the quality of the protection in the solution is their primary consideration. Twenty-two percent of respondents say that the ability to seamlessly integrate the solution into their environment and with other tools already being used is their primary consideration.

Respondents in non-security roles surprisingly rank the need for quality of protection higher than their counterparts in security roles. Non-senior management respondents are
twice as likely as senior management to prefer more access to analytics (8% vs. 4%) and
the use of managed services (21% to 10%). We speculate this has to do with their day to day experience, and might point at skill-shorted IT security staff or simply too full of a plate.

A Need for Consistency and Visibility

Thirty-one percent of respondents anticipate that their organization’s most significant application security concerns over the next two years will be maintaining a coherent security policy across their data centers and the cloud platforms that they use or will be using. Nearly as many respondents believe that their most significant concern will be gaining visibility into the security events impacting their organization.

These statistics underscore one of the key overarching issues of application security:
that despite the implementation of new security technologies, organizations continue to struggle maintaining visibility and consistency of security policies across new platforms, architectures and technologies (APIs).