To understand the current and future state of application security, we obtained insights from five IT executives. We asked them, “What’s the future for application security from your point of view?” Here’s what they told us:
- In the IT ecosystem, we have software-defined networks, software-defined infrastructure, software-defined virtual machines, and even software-defined radios. The future is in software-defined security —letting applications secure themselves through an integrated and automated software-security layer.
- CISO’s fear of the data breach. The biggest opportunity for improvement is with API breaches, where multimillion records are breached because compromised access to your backend. How do we get better?1) embrace automation and 2) shift in your architectural thought process and realize that we can’t depend on firewalls or agents on operating systems or a serverless app. It’s much better with identity management (2FA, MFA). Analyzer engines will be analyzing apps all the time. When vulnerabilities are found, they are codified into an actionable unit of work.
- There is no silver bullet for application security in my opinion. The greatest opportunities lie in not looking for a single solution but focusing on visibility into what you’re doing and spreading your efforts to find vulnerabilities from various perspectives.
- As connected devices continue to expand their footprint, we see opportunities to apply best practices in security to the Internet of Things.
- It’s not an issue of technology; there’s plenty of great technology, and it’s not being used. We can do 8,000 enterprises if enterprises reach out to us. Business is doing what adds to their bottom line. Only visionary business leaders make security as important as quality. Loss of reputation, penalties for not protecting data will increase. Vendors have the capability to meet the needs of the enterprise, but the enterprise must want to secure their apps.
Here’s who shared their insights:
- Erik Costlow, Developer Relations, Contrast Security
- James McClay, Product Manager, Cybera
- Doug Dooley, COO, Data Theorem
- Joseph Feiman, Chief Strategy Officer, WhiteHat Security
- Vincent Lussenburg, Director of DevOps Strategy, XebiaLabs