An Integrated Approach to Security is Vital in the Application Age

Stuart Sumner
clock • 4 min read

James Harvey, EMEAR CTO, Cisco AppDynamics makes the case for application-led security, as technologists seek to simplify vulnerability management in the face of growing IT complexity and bridge the silos across IT teams.

The last 12 months have been intense for technologists as they attempt to steer their organisations through a host of strategic and operational obstacles. A common challenge is how to manage the dramatic increase in the attack surface for security threats. 

As enterprises adapt to the business conditions presented by the COVID-19 pandemic, they are becoming increasingly reliant on applications to engage with and deliver services to customers, which leads to huge volumes of personal user data being housed within the application. At the same time, IT teams have been tasked with rapidly and effectively transitioning huge numbers of the workforce to remote working. At the peak of the first UK lockdown in April 2020, almost half (47 per cent) of the working population were working remotely at least some of the time. 

These - plus many other mitigating factors - have created significant cybersecurity challenges for most organisations. Here, James Harvey, EMEAR CTO, Cisco AppDynamics makes the case for application-led security, as technologists seek to simplify vulnerability management in the face of growing IT complexity and bridge the silos across IT teams.

Adopting an application-led approach to security

According to the Agents of Transformation Report 2020: COVID-19 Special Edition, 87 per cent of global technologists said that remote working provision was a challenge for their organisation, with security and robust identity and access management (84 per cent) and security of mission-critical applications (83 per cent) amongst the top digital workplace challenges to contend with.  

Applications are crucial to many of the essential functions that businesses carry out every day, and whether they are running on-premise, in multi-cloud environments or in cloud-native microservices, they contain growing amounts of data. And that data can become extremely costly if exposed as part of a breach.

Not all firms are equipped to provide adequate security to safeguard their exposure to potential threats. The answer lies in an approach that uses innovative tools to make security a number one priority from the beginning and not a bolt-on at the end of the process.

Think of the scenario. You're responsible for security within an organisation. The entire business and its stakeholders rely on you to keep all digital services free from threats, but it's difficult to have a holistic view with silos that are so often present between teams. Security teams essentially become a fourth emergency service that responds to anyone who reports a problem. What they should be doing is using the intelligence they have available to correlate insights between teams for shared context. By bringing together the Application and Security teams, technologists can identify vulnerabilities within the application during production, correlate vulnerabilities and breaches with business impact, and facilitate speedy remediation.

Security now needs to be application-led. It needs to be embedded inside the application, not around it. It also needs to be continuous and automated, since applications are dynamic and change so often. This means identifying vulnerabilities within the application during production, correlating vulnerabilities and breaches with business impact, and bringing together application and security teams to facilitate speedy remediation.

It's a coordinated approach whereby security teams don't operate as an island on their own. They share insights and end up with solutions that are secure from the very core and offer high performance as required by the business. Firms shouldn't have to choose between security and velocity.

Making threat management simple

A new solution developed by Cisco AppDynamics has become the first of its kind in the industry to drastically simplify vulnerability management, defend against attacks and protect applications - from the inside-out. Cisco Secure Application works by correlating security and application insights through a single solution, thus giving a shared context that enables better collaboration. Users benefit from reduced alert fatigue, real time threat detection, and automatic breach prevention. Meanwhile, the business becomes more confident in the performance of its applications without worrying about the damage to their brand that a security breach could bring.

Cisco Secure Application provides enterprise IT teams with visibility into an application's true behaviour to easily detect attacks, identify deviations, and block attacks automatically. And by combining the insights from security and application topology and applying business relevance to security events, teams can focus on the incidents that matter most.

More apps, more intelligent security

With the distribution of apps continuing to pick up pace throughout 2021, it's important that security is seen as an enabler, not a roadblock. Using a DevSecOps model helps create applications that are as secure as they are agile. It also means businesses are more streamlined and efficient because the necessary teams are working together throughout the development process. And with insights continually monitored and analysed, and responses better automated, security will be more intelligent and baked in at every stage.

More applications shouldn't necessarily cause more headaches. They should encourage IT teams to think collaboratively and roll out solutions that keep applications and their data safe and secure. The pace of innovation is expected to accelerate over the next year as businesses continue to look to technology to survive and grow in a turbulent marketplace. With no ‘return to normal' in sight, IT teams need to adopt an application-led approach to security and adopt a positive mindset. Security should not be seen purely as a defensive measure, but as a way to enable growth, innovation, and agility.

This is a sponsored post

You may also like
One in ten technologists are operating as Agents of Transformation, but more will need to step up to drive the next wave of innovation

Careers and Skills

Joe Byrne, Executive CTO at Cisco AppDynamics, explores the latest findings from the annual Agents of Transformation research, revealing the innovative technologists who are reimagining applications and digital services delivery.

clock 14 July 2022 • 4 min read
Technologists urgently need visibility into Kubernetes environments to deliver better digital experiences

Systems Management

James Harvey, Executive CTO, EMEAR at Cisco AppDynamics explores why technologists need visibility into Kubernetes environments to deliver better digital experiences.

clock 24 June 2022 • 4 min read
Leaving firefighting behind: How full-stack observability can help technologists look beyond the pressure of digital transformation

Cloud Computing

James Harvey, executive CTO, EMEAR at Cisco AppDynamics, explores how full-stack observability can help free technologists from the pressures of IT firefighting and embrace a more sustainable approach to managing their IT stack

clock 31 January 2022 • 4 min read

More on Cloud Computing

IT glitch takes passports gates offline across the UK

IT glitch takes passports gates offline across the UK

However, a cyber attack has been ruled out

Tom Allen
clock 08 May 2024 • 2 min read
Enter the Cloud Excellence Awards 2024

Enter the Cloud Excellence Awards 2024

Enter today!

clock 28 March 2024 • 1 min read
NCSC issues guidance for migrating SCADA systems to the cloud

NCSC issues guidance for migrating SCADA systems to the cloud

SCADA systems are an enticing target for cybercriminals

clock 19 March 2024 • 3 min read