Leverage business insights for faster app security prioritization

June 21 2022
 

We’re near the tipping point where, without the right tools, siloed application development and security prioritization can hinder essential business transactions. Here’s what you need to know.


In 2019, digital consumers in the United States installed an average of 20 apps on each mobile device they owned. A year later, as quarantines aided demand for transacting online, the pandemic accelerated this trajectory and the number of installed apps doubled to 40. Speculation suggested app adoption might flatten as the pandemic subsided, but even as the worst of COVID-19 began to fade in 2021, app usage hit new milestones. For example, seven of every 10 minutes spent on mobile devices are now dedicated to social, photo and video apps and 74% of vacationers believe applications are central to their travel experience.

Security savvy users are changing the app market

Consumer awareness around an app’s access to users’ personal information has escalated alongside news coverage of major data breaches. The well-deserved hype around the recent Log4j and Spring4Shell vulnerabilities is a perfect example of how easily fear can be instilled into public perception. Government-led initiatives such as GDPR in Europe and state-level legislation in the US may quell some of the fear around user privacy, but based on a 2020 user-focused study, app security remains the top reason for refusal to download an application.

Balance business outcomes and user demands — without alert fatigue

Regulations such as GDPR demand that organizations increase security and backups as well as communicate breaches quickly and transparently. As such, they act as catalysts to improve security awareness at the consumer level, which drives the need for a deep understanding of exactly how security integrates with and supports underlying, critical business outcomes. For technologists on the frontline of breaches, not everything can be top priority, and severity alone isn’t enough information to make the best decisions for the business. Additionally, IT teams in incident response mode can easily become inundated by too many alerts and not enough business context, making it unnecessarily difficult to confirm which tactic will most efficiently mitigate the top business-impacting vulnerabilities at any given time.

New threats on the horizon — there’s no time for silos

All parts of every organization are theoretically working towards a common goal of innovating products, protecting and growing the brand and delighting customers. For IT teams, that often means pushing secure, reliable code faster, which can be difficult if not impossible in siloed environments. All signposts point to a continued rise in zero-day threats, as evidenced by the exposure of Spring4Shell a mere four months after Log4j, and research shows an average of 287 days to contain a breach (with about 200 days passing before detection). So what happens if it’s a mission-critical app that takes the hit? Can any company afford millions of dollars and an associated 38% loss of business?

Why applications and security can’t be siloed

When it comes to application security incidents and prioritization, many company leaders expect teams to understand the full scope of a vulnerability in hours or, at worst, a few days. But generally speaking, that’s not the case. So why, with so much at risk, is there still a disconnect across applications and security teams, especially when shared tools can accelerate detection and mitigation strategies and quickly answer questions about risk exposure and remediation timeframes when the next vulnerability arises? Cisco Secure Application is known for its ability to deliver a shared view of common vulnerabilities and exceptions with code-level context. It can also spot runtime exploits and zero-day attacks, and lock out bad actors at the policy level, even if vulnerabilities exist. But that’s not all it can do.

Welcome to Cisco Secure Application + business transaction insights

Looking at application performance through a business lens can uncover roadblocks to user experiences that may hinder business outcomes. Now, with business transaction security insights baked into Cisco Secure Application, AppDynamics customers can map detected vulnerabilities to business transactions and prioritize vulnerability fixes based on their potential business impact. It’s a significant added capability that can, for example, help AppOps teams review application health in a custom dashboard, score the risk on user conversions and assist in determining which vulnerabilities should be addressed first.

Visit our product page to learn more about Cisco Secure Application.

Audrey Nahrvar is a product marketing manager with a background in application security and ethical hacking. Audrey held positions at Autodesk and Shutterfly before joining AppDynamics in 2017, first as a security engineer and then promoted to security architect. In her off hours, Audrey enjoys spending time with her husky in the mountains.