Article by CA Technologies president and GM for APJ, Martin Mackay.
As technologies such as mobile devices, cloud, social media, and IoT become increasingly pervasive, they bring about more opportunities for organizations to expand, innovate, and optimize. Underpinning the successful deployment of these innovations is digital trust, the primary currency of today’s modern enterprises.
On the other hand, new technologies materially increase the threat of cyberattacks and data breaches. Security incidents are seemingly becoming more and more commonplace today. Over the last few years, many companies, of various sizes, have experienced major data leaks. Clearly, security threats are increasing and it is becoming a challenge to keep up.
Security can no longer be an afterthought
In today’s security environment, it is critically important for security to be integrated seamlessly throughout the whole software development lifecycle. A “bolt-on” approach to security is not only inadequate, but might also cause immense, irreparable damage to an organization’s operations and reputation. However, historically, developers have not been overly concerned with the security of an application; their focus has been on functionality.
Fortunately, businesses are realizing that protecting their apps after the code is written is a reactive approach that is simply too little, too late. In fact, a recent study conducted by CA’s Veracode found that 62% of IT pros felt app security was very important to their development team. The same study also found that 43% of IT pros stated that fixing flaws during development is easier than patching.
DevSecOps gaining traction in the new year
The integration of Development and Operations, known as DevOps, is gaining widespread traction. The evolution of this concept is DevSecOps (Development, Security, Operations), where security is integrated into all processes. Given the critical nature of establishing and maintaining digital trust for all organizations, we see DevSecOps gaining increasing visibility in 2018.
The basic principles of DevSecOps are built upon the idea that security is critical throughout the entire software development lifecycle and everyone in the software development lifecycle is responsible for security. Companies that embrace DevSecOps deliver better and more secure software because of the focus on collaboration and alignment across disciplines.
Enterprises are realizing that the key to success is the customer experience, and that without digital trust, which means security, the customer experience is potentially catastrophic.
The only way to deliver that experience is to ensure app security; the optimal way to ensure app security is to automatically scan code for vulnerabilities starting from development, through production, and continuing through deployment. This is one of the most effective ways to minimize risk and protect applications, and the business, from cyber incidents and massive data breaches.
Identity-centric approach – the new face of security
At the same time, due to the convergence of cloud, mobile, IoT and the demand for always-on access, enterprises are becoming highly distributed digital enterprises that house web and mobile apps on-premises, in the cloud or in hybrid environments while user access requests can come from a broad spectrum of locations and devices.
As a result, the archaic approach to security, where the network perimeter controls user access, simply cannot keep up with current demands. Now, people and things are the new perimeter, and their identities are the single unifying control point across all devices, apps and data. With the cost of identity fraud rising to $16 billion, verifying and securing user identities is more important than ever.
An identity-centric security approach, which comprises multi-factor advanced authentication and identity management, reduces risk by employing trusted-user management. This enables businesses to verify all access to critical assets and resources while reducing the risk of insider threats. It allows companies to take an enablement-focused approach that first and foremost protects the business, but also facilitates growth and innovation.
In today’s application economy, security is no longer just a custodian of digital assets; it is a critical business enabler. The right enterprise security can give an organization’s employees, partners and customers the seamless, consistent access they need to be more productive, flexible and innovative.
And, doing so while protecting the business from internal and external threats is how modern enterprises can engender the kind of trust that keeps customers coming back.