Data breaches and cyber-attacks have become an everyday reality, owing mainly to the rise in the volume, relevance, and centrality of data. The past few years have shown us that, big or small, profit-making or not, every kind of organization is vulnerable to data breaches and attacks. This, in turn, has made cybersecurity increasingly necessary and indispensable. The swelling number of data breaches and cyber-attacks in 2018 has taught and reiterated some important lessons. In this piece, we reflect on application security in 2018 and offer predictions for 2019.
2018 Reflections on Application Security
Top players faced/disclosed data breaches, zero-day threats, and cyber-attacks:
These major breaches apart, 50-60% of small and medium businesses in the USA have experienced some form of data breach or cyber-attack. A majority of these business owners did not know how to secure their apps and digital assets from such attacks.
The data breaches of 2018 have reiterated the indispensability of application security for businesses of all kinds. Even big players like Facebook, who pride themselves on their cybersecurity capacity and capabilities, are vulnerable to attacks and breaches. They taught us these lessons:
In 2018, cloud emerged as a must-have technology and is being adopted by more and more organizations, not just small and medium businesses. Cloud is not limited to inexpensive storage and cheap servers anymore. It offers speed and scalability apart from cost-effectiveness. It empowers disruptive companies to innovate and grow by leveraging cloud-based tools and technologies. This, in turn, helps them gain a competitive edge in the market and compete with the big players.
However, cloud services and cloud-based technology come with their own set of cybersecurity risks and issues. Most providers of cloud services rely on open-source code and common infrastructure. So, one vulnerability somewhere could potentially set off a chain reaction, putting at risk the users of the organization's technology or service, their users in turn, and so on. This was the case with Sears Holding Corporation and Delta Airlines (discussed in the previous section).
Even though private clouds are growing continuously, with companies building on-premise cloud platforms in their own data centers, it is noteworthy that over 60% of businesses in the US depend on public cloud platforms. Public cloud platforms, by definition, mean you are sharing the space with several others, putting your digital resources at risk. Whether the cloud is public or private, the responsibility for putting cybersecurity measures in place and securing data and other digital resources rests on the organization and not the cloud provider.
Business agility comes with a higher risk:
In the face of waning attention spans of users/customers/clients and a growing sense of impatience, speed and agility have become essential for organizational success. To achieve business speed and agility, organizations are adopting various technologies including cloud computing, cloud-based services, anywhere/anytime connectivity, IoT, software-as-a-service (SaaS), software-based automation, etc. Along with all the benefits, these technologies also bring big risks for the organization. Security personnel and developers often find themselves under immense pressure to ensure that the cybersecurity measures do not reduce business agility.
2019 Predictions for Application Security
Managed services and specialists have a greater role to play: Most of the data breaches in 2018 reiterated that comprehensive and sound cybersecurity strategies, along with regular scanning, penetration testing and security audits of web applications, could have saved millions of dollars for organizations. Automation, despite its lower time and hassle cost, will not be sufficient by itself and will need to be augmented with human expertise for best results. By hiring the services and human expertise of certified security professionals through managed services, organizations will be able to prepare for the unknown, include custom rules and customized strategies, better identify business logic flaws and so on, and use those human insights as a foundation to further improve the automation. Therefore, 2019 will see managed services and certified security specialists playing a greater role in application security and continuing to be a breeding ground of innovation for further automation.
Cloud adoption is not going to stop in 2019. This is a fact. Organizations will invest more in the cloud to revolutionize their web applications and processes. The growth of private cloud platforms will continue to surge, and organizations will work towards turning their data centers into cloud powerhouses. With many more cloud-related breaches and cyber-threats and the increasing cost of data breaches, organizations must and will invest time, energy and resources in securing data, digital assets, etc. on different cloud platforms.
Convergence of security and performance: Even though the trend has started already, 2019 will see a greater convergence of security and performance. Agility and performance do not have to be at loggerheads with security. Seamless application security that keeps agility and performance intact is available through comprehensive cloud-based security services such as AppTrana.
Hire a managed, cloud-based security service like AppTrana and ensure that your business agility, performance, and growth are not compromised for security and vice-versa.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various management/leadership roles in Product Development, Professional Services and Sales @Entrust.