The need for digital engagement with customers, partners, and employees has never been greater than it is today. Most organizations were already in varying stages of digital adoption when the pandemic hit. Suddenly, businesses of all sizes realized that their very survival depends on their ability to lean into digital transformation initiatives.

What Does Digital Transformation Mean?

Digital transformation means different things across industries, markets, and even companies. And while much has been gained as a result of digital innovation, much remains to be done. For example, McKinsey finds that nearly 8 in 10 enterprises are still in the early stages of digital adoption.

When it comes to software, Software-as-a-Service (SaaS) applications and services are certainly a critical linchpin. They offer organizations various advantages, from rapid time to market to ease of use. But not every business requirement can be addressed by SaaS applications and services. In response, organizations develop their own applications, either by themselves or in concert with software development providers.

Legacy development approaches simply will not scale to meet the time-to-market requirements of this new push to develop and deploy applications. Software releases must occur multiple times per week or even per day, and this has given rise to Agile and DevOps. Pre-pandemic research shows that Agile and DevOps adoption was a key focus area: 56% of CIOs said they planned to implement Agile or DevOps this year. Growth forecasts for the space are significant as well: Market Insights, for example, predicts a compound annual growth rate (CAGR) of 20% for DevOps through 2026.

Agile and DevOps Expanding Post-Pandemic

Although organizations are cutting back in many areas of their businesses because of the pandemic, digital transformation is not one of them. A study from April by OpsRamp found that 73% of IT operations and DevOps leaders plan to accelerate or maintain digital transformation initiatives as a result of COVID-19. A recent survey completed by Contrast Security uncovered similar results, with nearly 60% of development, security, and operations leaders indicating they plan to increase Agile and DevOps spending and resources. A paltry 9% said they plan to decrease spending and resources in the area.

These digital initiatives pose substantial opportunities for most organizations. Business leaders cite improving customer experience (61%), cost control and business efficiencies (53%), improved IT systems and processes (32%), and increased organizational agility (24%) as top factors behind digital innovation. Without Agile and DevOps, organizations simply cannot achieve the scale, speed, and cost efficiencies needed to develop and deploy the applications that power these business outcomes.

Agile and DevOps Dramatically Expand Application Attack Surface

Yet the growth in applications, including application programming interfaces (APIs), creates significantly greater risk exposures. In the study Contrast Security recently completed, we found that the average enterprise has between 250 and 499 applications in development or production and over 1,500 APIs serving as the thread connecting them. The sheer number of applications and APIs to protect is daunting. Add that upwards of 90% of applications rely on open-source frameworks and libraries, including an average of 47 third-party libraries in one application, and securing the application attack surface becomes a huge undertaking that extends from developers to security to operations.

Putting aside the challenges modern software development life cycles (SDLCs) pose when it comes to accelerated development cycles, the dramatically expanded attack surface poses a significantly greater risk to organizations.

Cyberattacks on Applications at Exponential Volumes

The volume of attacks on individual applications is exponential. In our recently published “2020 Application Security Observability Report,” Contrast Labs found that an individual application experienced an average of 13,279 attacks each month over the past year. And while only 2% found a vulnerability, the hit rate is significant: 266 per month or 3,192 for the year. Multiply that by the total number of applications in production, and the number becomes enormous: six figures for an organization with just 31 applications.

Application-Related Data Breaches Explode

Considering the number of successful “connections” that are happening with cyberattacks and application vulnerabilities, it is not surprising that the percentage of data breaches tied to application vulnerabilities more than doubled this past year—reaching 43% according to Verizon. In a separate study, Forrester uncovered a similar finding, with 42% of organizations indicating they experienced a cyberattack in the past year that was due to an application vulnerability exploit.
