The last 12 months have been intense for technologists as they attempt to steer their organisations through a host of strategic and operational obstacles. A common challenge is how to manage the dramatic increase in the attack surface for security threats.
As enterprises adapt to the business conditions presented by the COVID-19 pandemic, they are becoming increasingly reliant on applications to engage with and deliver services to customers, which leads to huge volumes of personal user data being housed within the application. At the same time, IT teams have been tasked with rapidly and effectively transitioning huge numbers of the workforce to remote working. At the peak of the first UK lockdown in April 2020, almost half (47 per cent) of the working population were working remotely at least some of the time.
These - plus many other mitigating factors - have created significant cybersecurity challenges for most organisations. Here, James Harvey, EMEAR CTO, Cisco AppDynamics makes the case for application-led security, as technologists seek to simplify vulnerability management in the face of growing IT complexity and bridge the silos across IT teams.
Adopting an application-led approach to security
According to the Agents of Transformation Report 2020: COVID-19 Special Edition, 87 per cent of global technologists said that remote working provision was a challenge for their organisation, with security and robust identity and access management (84 per cent) and security of mission-critical applications (83 per cent) amongst the top digital workplace challenges to contend with.
Applications are crucial to many of the essential functions that businesses carry out every day, and whether they are running on-premise, in multi-cloud environments or in cloud-native microservices, they contain growing amounts of data. And that data can become extremely costly if exposed as part of a breach.
Not all firms are equipped to provide adequate security to safeguard their exposure to potential threats. The answer lies in an approach that uses innovative tools to make security a number one priority from the beginning and not a bolt-on at the end of the process.
Think of the scenario. You're responsible for security within an organisation. The entire business and its stakeholders rely on you to keep all digital services free from threats, but it's difficult to have a holistic view with silos that are so often present between teams. Security teams essentially become a fourth emergency service that responds to anyone who reports a problem. What they should be doing is using the intelligence they have available to correlate insights between teams for shared context. By bringing together the Application and Security teams, technologists can identify vulnerabilities within the application during production, correlate vulnerabilities and breaches with business impact, and facilitate speedy remediation.
Security now needs to be application-led. It needs to be embedded inside the application, not around it. It also needs to be continuous and automated, since applications are dynamic and change so often. This means identifying vulnerabilities within the application during production, correlating vulnerabilities and breaches with business impact, and bringing together application and security teams to facilitate speedy remediation.
It's a coordinated approach whereby security teams don't operate as an island on their own. They share insights and end up with solutions that are secure from the very core and offer high performance as required by the business. Firms shouldn't have to choose between security and velocity.
Making threat management simple
A new solution developed by Cisco AppDynamics has become the first of its kind in the industry to drastically simplify vulnerability management, defend against attacks and protect applications - from the inside-out. Cisco Secure Application works by correlating security and application insights through a single solution, thus giving a shared context that enables better collaboration. Users benefit from reduced alert fatigue, real time threat detection, and automatic breach prevention. Meanwhile, the business becomes more confident in the performance of its applications without worrying about the damage to their brand that a security breach could bring.
Cisco Secure Application provides enterprise IT teams with visibility into an application's true behaviour to easily detect attacks, identify deviations, and block attacks automatically. And by combining the insights from security and application topology and applying business relevance to security events, teams can focus on the incidents that matter most.
More apps, more intelligent security
With the distribution of apps continuing to pick up pace throughout 2021, it's important that security is seen as an enabler, not a roadblock. Using a DevSecOps model helps create applications that are as secure as they are agile. It also means businesses are more streamlined and efficient because the necessary teams are working together throughout the development process. And with insights continually monitored and analysed, and responses better automated, security will be more intelligent and baked in at every stage.
More applications shouldn't necessarily cause more headaches. They should encourage IT teams to think collaboratively and roll out solutions that keep applications and their data safe and secure. The pace of innovation is expected to accelerate over the next year as businesses continue to look to technology to survive and grow in a turbulent marketplace. With no ‘return to normal' in sight, IT teams need to adopt an application-led approach to security and adopt a positive mindset. Security should not be seen purely as a defensive measure, but as a way to enable growth, innovation, and agility.
This is a sponsored post