sb-au logo
Story image

Building digital trust in 2018: Security predictions from CA Technologies

17 Jan 2018

Article by CA Technologies president and GM for APJ, Martin Mackay.

As technologies such as mobile devices, cloud, social media, and IoT become increasingly pervasive, they bring about more opportunities for organizations to expand, innovate, and optimize.  Underpinning the successful deployment of these innovations is digital trust, the primary currency of today’s modern enterprises.

On the other hand, new technologies materially increase the threat of cyberattacks and data breaches. Security incidents are seemingly becoming more and more commonplace today. Over the last few years, many companies, of various sizes, have experienced major data leaks. Clearly, security threats are increasing and it is becoming a challenge to keep up.

Security can no longer be an afterthought

In today’s security environment, it is critically important for security to be integrated seamlessly throughout the whole software development lifecycle. A “bolt-on” approach to security is not only inadequate, but might also cause immense, irreparable damage to an organization’s operations and reputation. However, historically, developers have not been overly concerned with the security of an application; their focus has been on functionality. 

Fortunately, businesses are realizing that protecting their apps after the code is written is a reactive approach that is simply –  too little, too late. In fact, a recent study conducted by CA’s Veracode found that 62% of IT pros felt app security was very important to their development team. The same study also uncovered that 43% of IT pros stated that fixing flaws during development is easier than patching.

DevSecOps gaining traction in the new year

The integration of Development and Operations – DevOps – is gaining widespread traction.  The evolution of this concept is DevSecOps – Development – Security – Operations where security is integrated into all processes.  Given the critical nature of establishing and maintaining digital trust for all organizations, we see DevSecOps gaining increasing visibility this in 2018.  

The basic principles of DevSecOps are built upon the idea that security is critical throughout the entire software development lifecycle and everyone in the software development lifecycle is responsible for security.  Companies that embrace DevSecOps deliver better and more secure software because of the focus on collaboration and alignment across disciplines.

Enterprises are realizing that the key to success is the customer experience and without digital trust – security – the customer experience is potentially catastrophic.  

The only way to deliver that experience is to ensure app security; the optimal way to ensure app security is to automatically scan code for vulnerabilities starting from development, through production, and continuing through deployment. This is one of the most effective ways to minimize risk and protect applications—and the business—from cyber incidents and massive data breach.

Identity-centric approach – the new face of security

At the same time, due to the convergence of cloud, mobile, IoT and the demand for always-on access, enterprises are becoming highly distributed digital enterprises that house web and mobile apps on-premises, in the cloud or in hybrid environments while user access requests can come from a broad spectrum of locations and devices.

As a result, the archaic approach to security where network perimeter controls user access simply cannot keep up with current demands. Now, people and things are the new perimeter, and their identities are the single unifying control point across all devices, apps and data. With the cost of identity fraud rising to $16 billion, verifying and securing user identities are more important than ever.

An Identity-centric security, which comprises of multi-factor advanced authentication and identity management, reduces risk by employing trusted-user management. This enables businesses to verify all access to critical assets and resources while reducing the risk of insider threats. It allows companies to take an enablement-focused approach that first and foremost protects the business, but also facilitates growth and innovation.

In today’s application economy, security no longer represents just a digital assets custodian, it is a critical business enabler. The right enterprise security can give an organization’s employees, partners and customers the seamless, consistent access they need to be more productive, flexible and innovative.

And, doing so while protecting the business from internal and external threats is how modern enterprises can engender the kind of trust that keeps customers coming back.

Story image
Quantum extends Veeam partnership in a bid to protect against ransomware
“Quantum continues to expand its partnership with us and we are pleased to add ActiveScale object storage to a select group of S3 targets that can provide robust ransomware protection for our joint customers."More
Story image
Rapid shifts to the cloud may leave organisations at higher risk of cyber threats
While cloud migration isn’t simple, it can be enabled and improved using the right security tools.More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More
Link image
Getting customer identity & access management right first time
Logins, account verification, single sign-on... they are essential for securing the customer experience. Learn about the five pillars of CIAM so you make no mistakes.More
Story image
Three steps to a security-driven network for a stronger security posture
As the threat landscape continues to evolve and organisations stand to lose so much if they fall victim to an attack, it’s essential to ensure that security measures evolve in line with the network itself.More
Story image
Women in tech: Equality journey not over
The idea of gender equality represents more than just physical bodies through doors. It is also the notion of perceptions, feelings, stereotypes and opportunity.More