VIEWPOINT

TOP FIVE APPSEC TRENDS YOU CAN’T IGNORE

IBRAHIM AZAB, REGIONAL SALES DIRECTOR, MEA, CYBERRES, HIGHLIGHTS KEY APPLICATION SECURITY TRENDS THAT IT TEAMS SHOULD CONSIDER TO ACHIEVE HOLISTIC SECURITY AT THE APP LEVEL.

Implementing and maintaining optimal security to guard your mission-critical data and raise your cybersecurity posture must begin at the development stage of applications. Application security (AppSec) is vital in ensuring the resilience of software applications against evolving threats. Identifying the urgent need for organisations to secure their IT architecture at the app level, tech pioneer Micro Focus recently released a list of key AppSec trends to watch out for.

Ibrahim Azab, Regional Sales Director, MEA at CyberRes, a Micro Focus line of business, says, “The constant evolution of modern development is compounded by increased velocity and complexity. Customers are looking for holistic AppSec strategies, one that includes broad and accurate language coverage, an ecosystem that can be easily integrated into legacy tools and the capability to extend across SaaS or on-prem environments. This is the vision that Micro Focus operates on.”
1. AppSec Tooling Becomes Embedded in the DevOps Toolchain

An increasing number of commercial vendors are now offering hyper-convenient scanning, reducing the influence of AppSec teams in SAST tooling. While this embedded security scanning uncovers only a small proportion of the vulnerability issues compared to what a robust AppSec tool can find, it brings convenience and cost savings to the table. This significantly helps organisations meet compliance requirements. Azab adds, “Cloud platform vendors are also offering integrated security tools that make it effortless for development teams and help avoid using AppSec tools.”

2. Container Security Is the Battleground for Securing the Software Supply Chain

Cybersecurity incidents such as the SolarWinds hack in 2020, coupled with the Equifax data breach and Struts vulnerability in 2017, have considerably raised awareness of the software supply chain. “As several different software supply chains converge when developing containerized apps, containers have emerged as the biggest battleground. Security teams must handle container security challenges around vulnerabilities and compliance.”

3. IaC Security Adoption Grows

Infrastructure as Code (IaC) is defined as overseeing a company’s IT infrastructure by using configuration files. These are the files used to set up the initial parameters of computer programs. Increasingly, organisations are adopting IaC solutions for automation and provisioning of cloud deployments. This also means that there is an increased chance of security risks, which is why it is important to follow best practices.

4. Vulnerability Management Takes a Step Forward

Azab says, “Organisations can offer more holistic AppSec analysis and reporting by gathering all vulnerabilities from different assets and parts of the IT environment into a single pane of glass.” Tools that aggregate information from multiple sources and present that risk in a rollup view have an advantage over tools that offer one perspective about a focused area of the software. Combining dynamic, static and composition analysis into a single integration point, whether that’s in the IDE or CI/CD pipeline, simplifies the vulnerability management process. “AppSec tools will face pressure to natively offer this functionality at enterprise scale,” he adds.

5. Cloud Native App Security Requires a Continuous Application Security Approach

Cloud native technologies allow customers to deploy scalable applications across public, private and hybrid cloud environments. Most cloud providers make it easy for customers to leverage the benefits of cloud. However, the end-user organisation must take responsibility for ensuring data security in the cloud – and this requires a relentless application security approach customised for different environments. Azab says, “Application security cannot be an afterthought. It must be embedded right from the first step of the software development lifecycle. These trends indicate that security is now increasingly developer-driven.”

CXO INSIGHT ME, OCTOBER 2021