Application Security Has Its Best Ever Chance For Success
Joseph Feiman, Chief Strategy Officer at application security leader WhiteHat Security, overseeing its technology direction and vision.
The last year has been marked by the rapid progress of transformational DevOps models. IT teams are grappling with how to manage and scale infrastructures facing the sudden digital-first reality brought on by the global pandemic. This year has seen growth in areas such as infrastructure-as-code, serverless computing and end-to-end DevOps workspaces with a universal experience across the whole software lifecycle. This shift toward integration and connection to boost efficiency and quality in development is not one that will slow down.
For application security, this DevOps transformation has offered a unique opportunity. For the first time in over a decade, it is now realistic to integrate security into the DevOps model, making it DevSecOps. DevSecOps will ensure that organizations are not only more agile but also more secure. This gives their risk posture a boost that is often ignored with most DevOps models today. Taking all of this into account, I believe that throughout 2022, the DevSecOps community will grow more than it has in the previous ten years combined.
Covid-19 forced organizations to go digital overnight. Platforms that were seen as supporting services are now the necessary lifeline to an organization’s operations. As such, the need to deliver software products and services with quality and reliability has accelerated now that workforces have gone remote more than ever before. The old way of developing applications can no longer sustain companies looking to innovate and grow and yet remain secure in the midst of this pandemic.
One step in that transformational direction is being taken by DevOps communities, like GitHub. They have begun rapidly developing native application security solutions. At the same time, application security vendors have started integrating their existing technologies into the unified DevOps environment. This allows them to serve the unified DevOps with intermediate solutions. These solutions will not be long-term because they were not originally designed for the new paradigms. The vendors are buying themselves time to invent community-native and cloud-native solutions. Those combined efforts raise assurance that DevOps will likely transform itself into DevSecOps over the next several years.
From an eagle’s-eye view, DevSecOps can be categorized as seamlessly integrating security into each step of the entire application lifecycle — from planning and designing, coding, reviewing, testing, and deploying, all the way to operations. By now, most organizations have implemented DevOps and reaped the benefits of doing so. According to Deloitte, organizations that have adopted DevOps saw an 18-21% reduction in time to market. Forrester analysts in the areas of DevOps, security and Agile agree that IT teams perform much better in remote working environments when silos between security and DevOps are broken.
This coupling of DevOps and security has offered a distinctive perspective on the future of the security industry by bridging the gap between the conflicting agendas of the ones building the applications and the ones protecting them. Security should be a shared responsibility so that potential vulnerabilities are detected before the application rolls into production — and before it could be exploited in operation.
Recent advancements made by the global DevOps communities, combined with embedding security into the development process, enable us to predict that application security will be elevated to a new level and will be adopted more broadly than ever in the next few years, thus raising applications’ capabilities to resist attacks.