t cht lk
Simon Pearce , Executive CTO at Cisco AppDynamics makes security a shared responsibility across teams and encourages developers to prioritise security issues at every stage of the application lifecycle .
Changing application security landscape
Overall , as many as 88 % of technologists across the UAE report that it is now a challenge keeping up with emerging threats . Attack surfaces are growing exponentially due to rapid deployment of Internet of Things , IoT and connected devices and adoption of microservice-based application architectures . New hybrid working models have also exposed new vulnerabilities for organisations in all sectors .
In response , technologists need to lean on partners for data and insights into new security threats and to map these threats against their own organisation ’ s security posture .
Balancing speed , performance and security
Security is still viewed as an inhibitor of innovation within many organisations and , with release velocity the overriding priority , security teams have been cut out of the application development process until the very end of the development pipeline .
Traditionally , DevOps and SecOps teams have worked in silos , often with little understanding or appreciation of one another ’ s role .
DevSecOps involves significant cultural change , technologists need to put aside entrenched mindsets and embrace a more collaborative way of working , as well as developing new skills and knowledge outside of their own specific discipline .
However , it ’ s extremely worthwhile . A DevSecOps approach makes life a lot easier and less stressful for everyone in the IT department !
Volume of threats and alerts
Many technologists feel overwhelmed by the volume of security threats and vulnerabilities to their organisation . IT departments simply haven ’ t got enough time in the day to identify and analyse the number of threats they now face .
AI and Machine Learning is now essential to identify gaps , predict vulnerabilities and automate processes to remediate any security holes . As bad actors ramp up their use of AI and ML , it ’ s vital that enterprise security teams don ’ t fall behind . Indeed , 88 % of UAE technologists believe that AI will play an increasingly important role in addressing the challenges around speed , scale and skills that their organisation faces in application security .
Organisations simply cannot afford to neglect application security any longer . It needs to be treated as a critical element of the application lifecycle and the foundation for organisations to deliver agile development and accelerated innovation .
With a DevSecOps approach , application security and compliance testing are integrated throughout the software development lifecycle , rather than being an afterthought at the end of the development pipeline . It
Technologists must therefore do all they can to overcome the challenges they face , and ensure they have the tools , insights and structures they need to adopt a security approach for the full application stack . p
www . intelligentcio . com INTELLIGENTCIO AFRICA 69