An Application-Led Approach to Security Challenges - Security Boulevard

An Application-Led Approach to Security Challenges

The upcoming holiday season is likely to continue to attract ransomware attackers and cybercriminals looking to exploit vulnerabilities caused by gaps in rapid digital transformation. Just this past Labor Day, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned organizations of the threats posed during holidays, and the upcoming season will likely bring similar danger. 

Without a doubt, the need for all of us to think and act carefully about how we share and protect our personal data has never been greater. The use of applications and digital services has skyrocketed since the pandemic began, as people were forced to rely almost exclusively on digital services in almost all aspects of their lives.

A recent report from AppDynamics found that the number of applications people are regularly using has risen by a staggering 30% since the beginning of 2020. And, of course, a major element of this increase is among people who are new to digital services, driven to use applications during lockdown to buy groceries, stay connected to friends and family and access critical services.

Sadly, but unsurprisingly, this rapid switch to digital with the sudden introduction of millions of vulnerable people into cyberspace has presented a massive opportunity for cybercriminals. The UN reported a 350% increase in phishing websites during the first quarter of 2020, saying that cybercriminals “are exploiting the significant disruption and economic hardships caused by COVID-19” and that “the increase in internet usage and cybercrime during the pandemic further compounded the problem.” In reality, the scale and sophistication of these threats have only increased.

Security Sits on Top of the Total Application Experience

With consumers using a wider range of applications during the pandemic, their expectations around application security have soared and tolerance for anything less than the best digital experiences has disappeared.

When asked to characterize the elements that make up the optimum digital experience, security was the most important factor, with 62% of people citing it as critical.

You might have thought that with consumers being so overwhelmingly reliant on digital services for almost everything during the pandemic that any concerns around data and privacy would have been diminished, but that simply hasn’t been the case. In fact, now, 90% of consumers expect their data to remain safe and secure.

Meeting Security Challenges with an Application-First Approach

While consumer behavior can have a significant effect on security, there is a huge imperative for businesses and organizations to invest in application security that can stop threats from reaching their end users. For IT and security teams, the dramatic increase in demand for applications and digital services coupled with these heightened expectations for flawless application performance presents a huge challenge. 

During the pandemic, we’ve seen rapid acceleration in the adoption of cloud computing technologies across all sectors over the last 18 months, to meet consumer appetite for new digital services and respond to changing customer and business needs. This has meant that organizations now find themselves trying to manage and protect soaring volumes of customer data across an increasingly sprawling IT estate. 

Technologists that were previously looking after a relatively consistent and fixed IT infrastructure now find themselves managing an evolving IT estate where customer data is stored across distributed locations and often under different jurisdictions. At the same time, they’re facing an unprecedented rise in malicious security threats and growth in modern application complexity, running on-premises, multi-cloud and cloud-native microservices.

The only way organizations can even begin to tackle this challenge is to embrace a new approach where security is a major consideration and driving force at the beginning of the development cycle, rather than an add-on at the end. We need to move away from the long-held belief that proper application security posture inhibits speed and innovation.

What this means is discarding perimeter-based solutions that rely on traffic routing through them and assumptions of what the application might do with the payload. It simply isn’t feasible for application and security teams to take an average of 280 days to detect and contain a data breach.

Instead, technologists need to embrace a new approach that protects the application from the inside out. An application-first approach enables IT and security teams to identify vulnerabilities and threats within the application in production, and to protect the application against attacks in real-time. This, in turn, allows them to correlate security and business data to prioritize remediation based on potential business insight. 

In order to implement this new, proactive approach to security, app and security teams need to have the right tools at their disposal. They need to ensure that wherever an application runs, they’re able to organically add security capabilities from within the runtime.

This can protect the application environment and continue to deliver the ‘total application experience’ that customers expect.

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks

Gregg Ostrowski

Gregg Ostrowski is an Executive CTO at AppDynamics, part of Cisco. He engages with customer senior leadership to help prioritize their strategy for digital transformation. Prior to AppDynamics, Gregg held senior leadership positions at Samsung and Research in Motion.

gregg-ostrowski has 1 posts and counting.See all posts by gregg-ostrowski