full application stack, moving to a DevSecOps model where application security is integrated throughout the software development lifecycle, and embracing artificial intelligence and automation to cope with soaring volumes of security threats.
But in order to embed this type of robust application security approach within their organisations over the next 12 months, technologists identify six key challenges that they will need to overcome:
Lack of visibility into attack surfaces
Technologists state that their current security solutions work well in silos but not together, meaning that they can’t get a comprehensive view of their organisation’s security posture.
This is why IT teams need to integrate performance and security monitoring to understand how vulnerabilities and incidents could impact end users and the business. Technologists need to be able to understand the code, and everything around it, with continuous detection and prioritisation, so that they can detect and block exploits automatically, maximising speed and uptime while minimising risk.
Discovery and protection of sensitive data
Many technologists are now losing control of where data sits within their application portfolios, with application components running across multi-cloud environments and on-premise databases.
This opens up visibility gaps and increases the risk of a major security event, given the volumes of customer data which exist within many of these applications.
Technologists therefore need to implement runtime application self-protection (RASP), which provides visibility from inside apps so they can be secured wherever they live and however they are deployed. Validating data requests directly inside the app helps to prevent vulnerabilities from being exploited and provides threat intelligence that identifies attacks down to the code level. Developers can have targeted insight into their application environments that allows them to respond to threats at scale, whether that’s in containers, on-premises, or in the cloud.
Prioritising threats based on severity
IT teams are being bombarded with security alerts from across the application stack and they have no way to cut through this data noise to understand which alerts really could do the most damage. As a result, about two-thirds of local IT departments find themselves in ‘security limbo’ because they don’t know what to focus on and prioritise.
Business transaction insights are vital to help IT teams to measure the importance of, and to prioritise, threats based on severity scoring. These scores factor in the context of the threat, meaning technologists can see which issues are likely to affect a business-critical area of the environment or application.
68 INTELLIGENTCIO AFRICA www.intelligentcio.com