Published on October 29, 2023, 9:49 pm
Applications are the leading cause of external breaches, according to the Forrester State of Application Security 2022 report. This emphasizes the importance of addressing application security concerns, especially in today’s complex software supply chain landscape.
To effectively address these risks, security professionals need to shift from a tactical and reactive mindset to a proactive approach that integrates application security tightly with development and focuses on strategic concerns.
The move towards agile methodologies, combined with the complexity of cloud-native applications and the continuous deployment of code to production environments, has increased the vulnerabilities organizations face. Rick McConnell, CEO of Dynatrace, highlights the need for fully automated application security practices that can detect vulnerabilities and facilitate remediation throughout the software development lifecycle.
Organizations often struggle with determining the appropriate investment in security. While businesses can always spend more on security measures, it’s important to assess whether the amount invested delivers sufficient value-add to protect infrastructure. Striking this balance will be an ongoing challenge for organizations.
McConnell suggests that companies should start by developing a blueprint outlining their desired cloud environment and its required level of security. This blueprint becomes a foundation for creating policies and implementing necessary security measures.
Strict legislation around cloud and application security is emerging in countries like Singapore and Thailand to protect public data. Organizations must have full visibility into their cloud environment without restrictions when holding sensitive information. Simply moving to the cloud won’t guarantee a protected environment; comprehensive security measures are essential.
When it comes to Application Performance Monitoring (APM) solutions designed for the cloud, McConnell believes not all are created equal. APM tools play a crucial role in detecting performance issues before they impact real users. Dynatrace goes beyond traditional APM by incorporating traces, logs, metrics, behavioral analytics, metadata, and other forms of data into an integrated intelligent AI ops engine that automates responses to issues within an organization’s infrastructure or applications.
To benchmark their use of APMs against international standards (if they exist), organizations often rely on open-source technologies or design their own solutions. However, Dynatrace offers analytical views to help organizations pinpoint issues and provides precise insights into application performance.
Looking ahead, McConnell advises organizations to choose a provider that focuses on innovation and maintaining high standards over time. With the complexity of today’s multi-cloud environments, an intelligent AI engine that continuously evolves and adapts to new threats is crucial for ensuring long-term application security.
To gain further insights into addressing application vulnerability in the cloud era, you can listen to Rick McConnell’s perspective in this episode of PodChats for FutureCIO.
In conclusion, prioritizing application security and adopting proactive measures is essential given the increasing risks associated with applications. By integrating security tightly with development practices and leveraging automated tools like APM solutions, organizations can mitigate vulnerabilities and safeguard their data, processes, and systems.