New research reveals challenges AppSec teams face in securing cloud-native development. Learn how to modernize your approach for stronger security.
Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, and TechTarget’s Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, announced the publication of Modernizing Application Security to Scale for Cloud-native Development. The report delves into the development trends driving the need to modernize application security programs and evaluates pressing challenges that application security teams encounter with their current tools. The findings underscore the urgency for organizations to modernize their application security practices to support growth and mitigate risks.
“Organizations are increasingly adopting new technologies to bolster their software development, and as modern development has changed, so have attacker tactics,” said Joe Nicastro, Field CTO of Legit Security. “Development teams use cloud-native technologies to drive efficiency and optimize innovation. However, this often leads to a larger attack surface due to misconfigurations, vulnerable plug-ins, and excessive permissions throughout the SDLC. In today’s environment, organizations must adopt security solutions to protect their software factory from end-to-end while providing developers with the guardrails they need to do their best work safely.”
The report found that application teams face several challenges, such as keeping up with the speed and volume of releases and prioritizing remediation. These challenges highlight the importance of a modernized approach and alignment with development and DevOps teams for improved collaboration. Additionally, nearly all organizations reported difficulties fixing vulnerabilities after applications were deployed, reinforcing the significance of incorporating security processes and tools in the build process.
The report’s key findings include:
- 60% of organizations use IaC to simplify infrastructure provisioning and easily deploy software applications. However, increased IaC adoption can magnify misconfigurations because flaws are easily proliferated if not addressed. Of particular concern, 67% of respondents report increasing IaC misconfigurations.
- 45% of security teams supporting cloud-native development processes said understanding and managing risks related to the usage of generative AI is their biggest challenge. This is followed by measuring and improving AppSec program effectiveness and understanding developer environments and assets to manage security effectively.
- The majority of organizations experienced a cybersecurity event involving their cloud-native application stack in the last 12 months, with secrets stolen from a source code repository (32%) being the most common incident.
- Only 39% of organizations report that their security teams have visibility for certain applications, reinforcing the necessity for visibility into security testing in development.
Also Read: Cloudera Unveils Report on ‘The State of Enterprise AI and Modern Data Architectures’
“Our research calls attention to how traditional application security teams need solutions that support modern development processes as they scale to drive productivity and business growth,” said Melinda Marks, Practice Director, Cybersecurity, Enterprise Security Group. “The research showed that in addition to securing the applications, security teams need to address security related to how developers work, including secrets, pipeline tools, containers, and source code repositories. While these elements enable developers to collaborate quickly, the added attack surfaces and the chance for mistakes increases as development scales. By understanding and addressing these areas, organizations can improve their security programs. This is important as we have often seen that just one incident can have severe ramifications on the business, including data loss, business disruption, application downtime, customer data loss, malware, and compliance fines.”
To download the full report, click here.
