6 minute read
TOP FIVE APPSEC TRENDS YOU CAN’T IGNORE
from The Need For Speed
by cxoinsightme
IBRAHIM AZAB, REGIONAL SALES DIRECTOR, MEA, CYBERRES, HIGHLIGHTS KEY APPLICATION SECURITY TRENDS THAT IT TEAMS SHOULD CONSIDER TO ACHIEVE HOLISTIC SECURITY AT THE APP LEVEL.
Implementing and maintaining the most optimal security to guard your mission-critical data and raise your cybersecurity posture must begin from the development stage of applications. Application security (AppSec) is vital in ensuring the resilience of software applications against evolving threats.
Advertisement
Identifying the urgent need for organisations to secure their IT architecture at the app level, tech pioneer
Micro Focus recently released a list of key
AppSec trends to watch out for.
Ibrahim Azab, Regional Sales Director,
MEA at CyberRes, a Micro Focus line of business, says, “The constant evolution of modern development is compounded by increased velocity and complexity.
Customers are looking for holistic AppSec strategies, one that includes broad and accurate language coverage, an ecosystem that can be easily integrated into legacy tools and the capability to extend across SaaS or on-prem environments. This the vision that Micro
Focus operates on.”
1AppSec Tooling Becomes Embedded in the DevOps Toolchain Increasing number of commercial vendors are now offering hyper-convenient scanning, reducing the influence of AppSec teams in SAST tooling.
While this embedded security scanning uncovers only a small proportion of the vulnerability issues compared to what a robust AppSec tool can find, it brings convenience and cost savings to the table. This significantly helps organisations meet compliance requirements.
Azab adds, “Cloud platform vendors are also offering integrated security tools that make it effortless for development teams and helps avoid using AppSec tools.
2Container Security Is the Battleground for Securing the Software Supply Chain Cybersecurity incidents such as the Solarwinds hack in 2020 coupled with Equifax data breach and Struts vulnerability in 2017 have considerably raised awareness of the software supply chain.
“As several different software supply chains converge when developing containerized apps, containers have emerged as the biggest battleground. Security teams must handle container security challenges around vulnerabilities and compliance.”
3IaC Security Adoption Grows Infrastructure as Code (IaC) is defined as overseeing a company’s IT infrastructure by using configuration files. These are the files used to setup the initial parameters of computer programs. Increasingly organisations are adopting IaC solutions for automation and provisioning of cloud deployments. This also means that there is an increased chance of security risks, which is why it is important to follow best practices.
4Vulnerability Management Takes a Step Forward Azab says, “Organisations can offer more holistic AppSec analysis and reporting by gathering all vulnerabilities from different assets and parts of the IT environment into a single pane of glass.”
Tools that aggregate information from multiple sources and present that risk in a rollup view have an advantage over tools that offer one perspective about a focused area of the software.
Combining dynamic, static and composition analysis into a single integration point, whether that’s in the IDE or CI/CD pipeline, simplifies the vulnerability management process. “AppSec tools will face pressure to natively offer this functionality at enterprise scale,” he adds.
5Cloud Native App Security Requires a Continuous Application Security Approach Cloud native technologies allow customers to deploy scalable applications across public, private and hybrid cloud environments. Most cloud providers make it easy for customers to leverage the benefits of cloud. However, the enduser organisation must take responsibility for ensuring data security in the cloud – and this requires a relentless application security approach customised for different environments.
Azab says, “Application security cannot be an afterthought. It must be embedded right from the first step of the software development lifecycle. These trends indicate that security is now increasingly developer-driven.”
UNLOCKING IOT VALUE WITH EDGE
TIM LOVEJOY, VP GOVERNMENT AND PRIVATE CLOUD, RACKSPACE TECHNOLOGY EMEA, EXPLAINS HOW EDGE COMPUTING CAN HELP UNLOCK THE COMPLETE POTENTIAL OF IOT SOLUTIONS IN THE PUBLIC SECTOR.
Cloud technology has long been accepted as fundamental to the way the modern world operates, with even the most sceptical and reluctant sectors now embracing the value it offers. What comes next, as IoT devices proliferate in our work and home lives, is a move towards edge computing, which has particular advantages for the region’s public sector.
For example, IoT presents vast opportunities across the public sector. Autonomous transport, health monitoring devices, traffic and lighting applications, better law enforcement, as well as smart bin sensors to ensure rubbish never overflows are all possibilities.
These functionalities require low latency applications, which are processed at the edge of the network in order to maximise the functionality. Ultimately, as IoT decentralises computing infrastructure, edge computing looks set to hold an advantage over cloud or centralised computing. Yet in reality, they will have to work closely, in tandem.
This hybrid approach will have many benefits. Not least is in convincing some of the more cautious decision makers within the public sector of the role of IoT, and in turn edge computing, in making operations more efficient.
Living on the edge
To fully harness the potential of IoT and smart devices, edge computing needs to be embraced. Data from the edge is processed in real time, eliminating even the tiniest lag. This speed is everything. The latency is reduced, in turn decreasing the time taken to get actionable insights from any live data. In short, it allows for highly informed, realtime decision making.
Again, the Middle East’s public sector benefits are apparent. Emergency and crisis situations in particular require decisions to be made almost instantly. The combination of IoT and edge computing will allow these decisions to be informed by real-time information, potentially saving lives. As such, there is a promise of improved efficiency – which can in turn lead to cost savings, revenue-making opportunities, or simply better services.
A more secure solution
But what are the risks in terms of compliance and security when exploring edge computing today?
Concerns around the security of the cloud can be rationalised, especially where strict regulations are in place to protect citizen data and prevent potentially dangerous disruption to services. And to date, the primary way of reducing the apparent risk posed by hosting data in the cloud is to keep it local – at present, mainly meaning on a private server.
Edge computing enables data to be kept locally for decision making in real time. This is why it could be a real gamechanger. It can limit the distance travelled by any data, and therefore reduces some of the security risk associated with moving it to the cloud or another data centre. And there is a smaller window in which anything can be disrupted or corrupted as data remains highly localised. For data that needs to persist for longer term information gathering, this is sent back to the cloud for retention, so the art of the possible is virtually endless.
Cutting costs
The bottom line is the most important one for the majority of businesses. This is certainly true in the public sector. Budgets tend to be tighter, and digital transformation projects can be limited by financial concerns.
Edge computing can actually bring cost savings. This is especially true with regards to data ingest charges where only sending the data that needs to persist into the cloud reduces data movement charges. With data essentially being processed on site rather than in the cloud, organisations can reduce their cloud capacity requirements and associated costs.
Smarter use of cloud infrastructure also offers cost optimisation benefits. Cloud in tandem with edge is a great example of how the architecture can work more flexibly and offer improved savings based on actual usage and requirements, while being fully scalable.
Opportunities ahead
As all organisations in the region become even more data heavy, using the right combination of technologies is essential. Whether it is bringing expertise in house, co-sourcing, or taking counsel from expert partners, the benefits of harnessing the right combination of edge and cloud to complement the increasing deployment of IoT is becoming essential.
The good news for the public sector is that we are only at the start of the IoT revolution. But with immense opportunities for it to improve the services that we interact with every day, now is the time to think smartly about how to embrace its potential.
