Intelligent CIO APAC Issue 15 | Page 55

FEATURE: DATA SECURITY
Stephen Gillies, Manager – Sales Engineering APAC, Fastly, said: “The DevOps movement proved that rapid automation and testing and rapid iteration would translate into more innovation. But innovation filled with risk is not really the end game. The next crucial step is to implement security directly into the internal app and API workflow process so it is not a hurdle to work around, but a part of the process that can move as quickly as the rest if done right. Otherwise, it’s just more of the same, and security will remain elusive.”
Research from the study also concludes:
• On average, Australian organizations surveyed spend close to AU$580,000 annually for web application and API security tools. Security is becoming more complex and costly as organizations are required to protect traditional architectures, in addition to new architectures and cloud environments.
• Traditional security tools are ineffective and impede business growth. Current security tools frequently block harmless business traffic, impacting the organization’s bottom line. As a result, 72% of Australian respondents configured their security tools to run in log or monitoring mode only, rather than in blocking mode; 12% shut the tools off entirely; and 16% did both. This is despite 53% preferring to run tools in blocking mode, since it would reduce manual intervention and effort – if it worked effectively.
• Nearly half of all security alerts are false positives. A majority of Australian respondents spend an equal amount or more time on false positives as they do on actual attacks, suggesting current security tools are causing more problems than they solve.
• 45% of Australian organizations surveyed believe most or all of their applications will use APIs in the next two years. Despite an anticipated increase in API implementation, organizations stated that web application and API security is more difficult than two years ago and indicated struggles to maintain adequate security across new application architectures. Driving these difficulties is the shift to public cloud and API-centric applications without a modern security solution to support those innovations.
• Distributed responsibility for security often adds complexity. Among Australian organizations surveyed, 63% of organizations have different teams responsible for securing web applications, but plan to merge and centralize these responsibilities in the future. Responsibilities may fall on developers, cloud engineers, IT ops or line-of-business owners. They rarely fall on specific security personnel. Cybersecurity typically only gets involved just before an app goes into production (35%) or when it starts to store sensitive data (28%).
“The responsibility for protecting enterprise assets, data and users from cyberthreats no longer falls solely on the security organization, even as the threat landscape becomes increasingly complex. Application security, in particular, is a team sport that requires input and cross-functional collaboration across many parts of an organization,” said John Grady, Senior Analyst at ESG.
“As a result, security professionals have become frustrated with the complex and siloed nature of traditional application security solutions that fail to address these issues. Modern businesses require uniform tools and approaches that can minimize vulnerabilities between their public cloud infrastructure, microservices-based architecture and legacy applications, while supporting a variety of personas.”