sb-au logo
Story image

Building digital trust in 2018: Security predictions from CA Technologies

17 Jan 2018

Article by CA Technologies president and GM for APJ, Martin Mackay.

As technologies such as mobile devices, cloud, social media, and IoT become increasingly pervasive, they bring about more opportunities for organizations to expand, innovate, and optimize.  Underpinning the successful deployment of these innovations is digital trust, the primary currency of today’s modern enterprises.

On the other hand, new technologies materially increase the threat of cyberattacks and data breaches. Security incidents are seemingly becoming more and more commonplace today. Over the last few years, many companies, of various sizes, have experienced major data leaks. Clearly, security threats are increasing and it is becoming a challenge to keep up.

Security can no longer be an afterthought

In today’s security environment, it is critically important for security to be integrated seamlessly throughout the whole software development lifecycle. A “bolt-on” approach to security is not only inadequate, but might also cause immense, irreparable damage to an organization’s operations and reputation. However, historically, developers have not been overly concerned with the security of an application; their focus has been on functionality. 

Fortunately, businesses are realizing that protecting their apps after the code is written is a reactive approach that is simply –  too little, too late. In fact, a recent study conducted by CA’s Veracode found that 62% of IT pros felt app security was very important to their development team. The same study also uncovered that 43% of IT pros stated that fixing flaws during development is easier than patching.

DevSecOps gaining traction in the new year

The integration of Development and Operations – DevOps – is gaining widespread traction.  The evolution of this concept is DevSecOps – Development – Security – Operations where security is integrated into all processes.  Given the critical nature of establishing and maintaining digital trust for all organizations, we see DevSecOps gaining increasing visibility this in 2018.  

The basic principles of DevSecOps are built upon the idea that security is critical throughout the entire software development lifecycle and everyone in the software development lifecycle is responsible for security.  Companies that embrace DevSecOps deliver better and more secure software because of the focus on collaboration and alignment across disciplines.

Enterprises are realizing that the key to success is the customer experience and without digital trust – security – the customer experience is potentially catastrophic.  

The only way to deliver that experience is to ensure app security; the optimal way to ensure app security is to automatically scan code for vulnerabilities starting from development, through production, and continuing through deployment. This is one of the most effective ways to minimize risk and protect applications—and the business—from cyber incidents and massive data breach.

Identity-centric approach – the new face of security

At the same time, due to the convergence of cloud, mobile, IoT and the demand for always-on access, enterprises are becoming highly distributed digital enterprises that house web and mobile apps on-premises, in the cloud or in hybrid environments while user access requests can come from a broad spectrum of locations and devices.

As a result, the archaic approach to security where network perimeter controls user access simply cannot keep up with current demands. Now, people and things are the new perimeter, and their identities are the single unifying control point across all devices, apps and data. With the cost of identity fraud rising to $16 billion, verifying and securing user identities are more important than ever.

An Identity-centric security, which comprises of multi-factor advanced authentication and identity management, reduces risk by employing trusted-user management. This enables businesses to verify all access to critical assets and resources while reducing the risk of insider threats. It allows companies to take an enablement-focused approach that first and foremost protects the business, but also facilitates growth and innovation.

In today’s application economy, security no longer represents just a digital assets custodian, it is a critical business enabler. The right enterprise security can give an organization’s employees, partners and customers the seamless, consistent access they need to be more productive, flexible and innovative.

And, doing so while protecting the business from internal and external threats is how modern enterprises can engender the kind of trust that keeps customers coming back.

Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More