Intelligent CIO Europe Issue 15 - Page 19

LATEST INTELLIGENCE

SEAMLESS APPLICATION SECURITY: SECURITY AT THE SPEED OF DEVOPS

The current application security problem

In recent years, software went from being a support function of business to an innovation centre, becoming the essential competitive differentiator for most businesses in every vertical and size. With this shift in the role of software, businesses today are dramatically increasing the number of applications and the frequency of releases, with little thought given to non-functional requirements.

In addition, modern applications are increasing in complexity due to the need for speed and, as a result, developers' reliance on code re-use as well as open source and commercial (COTS) components has increased dramatically. This has huge implications for security teams that must find and manage vulnerabilities. As a consequence, some of the notable security breaches in recent years were due to vulnerabilities in third-party code components.

With business needs in the driver's seat, applications are proliferating via websites, social media platforms like Facebook, mobile and cloud applications. Furthermore, some applications are driven by marketing teams and created with third-party software. These applications are often outside the normal business processes with little or no governance.

On top of all the challenges created by the increased number of applications, increasing complexity and faster releases, regulations like GDPR and capturing customer data for business purposes have become the norm. Having multiple instances of customer data increases the likelihood and impact of a breach. This is especially concerning because the majority of security breaches today are due to application vulnerabilities.
According to Micro Focus Software Security Research's 2018 Application Security Risk Report, 80% of applications contain at least one critical or high vulnerability and 90% of security incidents are from exploits against defects in the design or code of software.