The growth of the Internet of Things (IoT) and connected devices is the biggest factor in expanding the attack surface of organizations.according to it New report from Cisco AppDynamics89% of global IT professionals believe their organizations have expanded their attack surface in the last two years. The shift to a full application stack report security approach enlisted his 1,150 her IT professionals from organizations across various sectors and international markets to outline the current application security challenges impacting IT departments. I investigated.
Enterprises will face significant application security risks in 2023
The rapid adoption of the cloud, accelerated digital transformation, and new hybrid working models, along with the growth of IoT and connected devices, are also significantly expanding the attack surface, the report notes. Microservices-based application architectures and DevOps methodologies also play a key role, he added, exposing applications to new vulnerabilities. These factors will influence the application security challenges enterprises face in his 2023. His 78% of respondents said their organization’s entire application stack could be vulnerable to attacks in the next 12 months.
The top six application security challenges detailed in the 2023 report are:
- Lack of visibility into attack surfaces and vulnerabilities
- Difficulty prioritizing threats based on severity, impact, and business context
- Discover and protect sensitive data
- The problem of keeping up with the rapidly changing application security landscape
- The challenge of balancing speed, application performance, and security
- Volume of security threats and alerts
58% of respondents say their organizations are in a “security state of limbo” due to ineffective visualization and contextualization of application security risks. “IT teams are bombarded with security alerts from across the application stack, but they can’t cut through the data noise,” states the report. “It is almost impossible to understand the risk level of security issues in order to prioritize remediation based on business impact. As a result, techs are overwhelmed with new security vulnerabilities and threats. .”
Lack of collaboration and understanding between IT operations and security teams also leads to increased vulnerability to security threats and blind spots, difficulty balancing speed, performance and security priorities, slow reaction times when dealing with security incidents. The report found that it had some negative effects, such as slowness. Not to mention that 55% of his technologists say they believe security is a hindrance rather than an enabler for innovation within their organizations.
Key technology and cultural shifts to achieve DevSecOps
DevSecOps is key to addressing the application security risks facing modern businesses, but moving to a DevSecOps approach will require both technological and cultural changes, says the report. While increasing automation to detect and block security issues is something most respondents are looking for, the report suggests that ITOps/developer teams are more security aware and knowledgeable, It also became clear that professionals needed a deeper understanding of application development. and factors that affect performance.
One approach that experts believe can help organizations in this area is Tailor security training for developers to help address risksThis includes replacing outdated security education with awareness training that is more engaging and relevant to developers, providing them with the knowledge they need to address the threat landscape and the dynamic technological foundations of application security. includes better communication of
Copyright © 2023 IDG Communications, Inc.
