Research published today by Cisco AppDynamics highlights the challenges that technologists in all sectors are facing as they try to manage application security across an ever more dynamic IT environment.
The new report, The shift to a security approach for the full application stack, exposes the extent to which application security has become more challenging as organizations have accelerated their digital transformation initiatives to meet evolving customer needs and enable hybrid work. In fact, as many as 92% of technologists admit that the rush to innovate rapidly since the start of the pandemic has come at the expense of robust application security during software development.
Organizations are increasingly vulnerable to application security threats
Across the board, there is a recognition within IT departments that applications are increasingly vulnerable to new and emerging cybersecurity threats across a rapidly expanding attack surface. The widespread adoption of multi-cloud environments and the availability of low-code and no-code platforms enable developers to accelerate release velocity and build more dynamic applications across more platforms. But with application components increasingly running on a mix of platforms and on-premises databases, visibility gaps open up and the risk of a security event increases dramatically.
Many IT teams struggle to deal with soaring volumes of security alerts without the unified visibility to identify and remediate issues quickly. They’re unable to prioritize threats based on severity, impact and business context, and they’re finding it ever more difficult to balance the pressure for development speed with ongoing application security and performance. More than two-thirds of technologists report that their current security solutions work well in silos but not together, meaning they can’t get a comprehensive view of their organization’s security posture.
Against this backdrop, there is heightened concern that businesses are becoming less secure. As many as 78% of technologists feel that their organization is vulnerable to a multi-staged security attack that would affect the full application stack over the next 12 months. The implications of this are potentially catastrophic – organizations risk service disruption and outages, which will ultimately lead to loss of customers, reputation and revenue.
The shift to DevSecOps
New cybersecurity threats are exposing flaws in traditional approaches to application security and, in particular, the lack of input that security has had into the application development process. In many organizations, there has been little, if any, ongoing collaboration between developer and security teams – they have only engaged when a security issue has arisen, essentially when it is already too late.
This explains why increasing numbers of IT departments are embracing a DevSecOps approach, where application security and compliance testing are integrated throughout the software development lifecycle rather than being an afterthought at the end of the development pipeline. Developers can embed robust security into every line of code, resulting in more secure applications and easier security management before, during and after release.
The research finds that 76% of technologists now regard a DevSecOps approach as critical for organizations to effectively protect against a multi-staged security attack on the full application stack. And encouragingly, 43% of organizations have already started taking a DevSecOps approach, and 46% are considering making the transition.
The shift to DevSecOps requires technologists to leave behind siloed teams and entrenched mindsets and embrace a more open and transparent way of working. Crucially, technologists need to expand their outlooks and broaden their knowledge to work effectively as part of a multi-discipline team, developing not just their specialist skills but increasing their general skills in other areas of IT.
The need for a security approach for the full application stack
Beyond cultural change in the IT department, technologists believe that current application security challenges require IT teams to implement new tools and technologies. The research identifies a number of factors that organizations must address to improve their application security.
Above all else, technologists believe that adopting a security approach for the full application stack is vital so that IT teams have unified, real-time visibility across all areas of their IT environment. Only with this can technologists ensure complete protection for their applications, from development through production, across code, containers and Kubernetes®.
Alongside this, technologists point to the adoption of automation and Artificial Intelligence (AI) as essential to help IT teams cope with the spiraling volumes of security threats across multi-cloud environments.
Robust automation and AI strengthen security postures, identifying threats and resolving them independently of an admin. This reduces human error, increases efficiency, and drives greater agility in development, enabling teams to ship and deploy applications even faster. Automation can also help contextualize security, correlating risk in relation to other key areas such as the application, user and business.
Significantly, 76% of technologists believe that AI will play an increasingly important role in addressing the challenges around speed, scale and skills that their organization faces in application security.
Managing application security in dynamic cloud-native environments with Cisco Secure Application
Cisco AppDynamics empowers technologists to protect their organizations and end users from attacks and vulnerabilities with unified business performance and security observability.
Cisco Secure Application automatically detects and resolves issues across the entire technology stack, including cloud native microservices, Kubernetes containers, multi-cloud environments and mainframe data centers.
Crucially, Cisco Secure Application protects applications and correlates app performance and security insights without overhead or friction. It enables IT teams to unlock cloud application security insights without deploying an agent and to detect application code dependency and configuration-level security vulnerabilities in production with automatic runtime protection.
With combined application and security monitoring, technologists can see how vulnerabilities and incidents may impact the business to strategically prioritize resources and responses. From mainframes to microservices, Cisco Secure Application enables technologists to detect application code and security vulnerabilities in minutes — not months — with unified business, performance and security insights.
To read the comprehensive research, download the report: The shift to a security approach for the full application stack.
Or to find out how Cisco Secure Application helps technologists manage application security in modern application environments, click here.