By Joe Byrne, CTO Advisor, Cisco AppDynamics
The shift to modern, distributed applications has led to a dramatic increase in attack surfaces, with organizations increasingly vulnerable to revenue and reputation-impacting security risks. According to Red Hat, 93% of businesses have experienced at least one security incident in their Kubernetes environments in the past 12 months — and 31% have experienced financial or customer loss as a result.
Growing adoption of cloud-native application development is allowing organizations to innovate at greater speeds and instill agility into their operations, but it is also exponentially raising complexity for application and security teams. In a recent Cisco study, 92% of global technologists admitted that the rush to rapidly innovate and respond to the changing needs of customers has come at the expense of robust application security during software development.
As a result, many organizations are now struggling to cope with an explosion of security incidents within their modern applications, as bad actors look to exploit vulnerabilities within Kubernetes environments with ever more varied and sophisticated attacks.
Application security is now a business-critical imperative
IT teams need to act quickly and decisively in order to protect their customer data and the reputation of their organizations. And this means ensuring they have the tools, insights and working practices to bring together applications and security teams to securely develop and deploy modern applications. Crucially, businesses need to apply business context to their security findings so that teams can rapidly locate, assess and prioritize risk, and then remediate issues based on potential business impact.
Applications are now the front door for almost every business across every industry, and market leadership and commercial success are driven by the ability of organizations to deliver ever more intuitive and seamless digital experiences to their customers.
It follows, therefore, that brand trust and loyalty is now built upon application security and performance. However, with the shift to cloud-native technologies, vulnerabilities can occur anytime and anywhere, making it incredibly difficult and time-consuming for application teams and security teams to assess risks and prioritize actions.
Organizations need clear visibility of each new security risk with real-time vulnerability analytics. But with so many new and constantly changing threats within Kubernetes environments, traditional vulnerability scanning solutions simply don’t provide adequate information.
The need for business risk observability
Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!
By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.
Security teams have to be able to quickly assess risks based on potential business impact, align teams and triage threats. And in order to do this they need to rapidly understand where vulnerabilities exist across application entities – business transactions, services, workload, pods and containers – so that they can quickly isolate them. They then need to assess the severity of these risks, the likelihood that they will be exploited and the risk to the business of each issue.
This type of business risk observability is essential for technologists to understand and prioritize risks. By combining application performance data and business impact context with vulnerability detection and security intelligence, IT teams can prioritize security issues with a business risk score, which allows them to easily identify which business transactions present the greatest risk to the business. For instance, they can assess the sensitivity of customer data associated with a particular business transaction or calculate the potential loss of revenue.
By prioritizing security issues with business context, organizations can improve key metrics such as mean time to detect (MTTD) and mean time to remediation (MTTR). Rather than being stuck on the back foot, scrambling to identify and fix the most pressing issues, IT teams can work together and take a more strategic approach, based on real-time business transaction data.
Encouragingly, technologists are recognizing the need for change – 93% state that it’s now important to be able to contextualize security so that they can correlate risk in relation to other key areas such as the application, user and business, and to prioritize vulnerability fixes based on potential impact.
Crucially, business risk observability helps organizations to bring their applications and security teams together around a single source of truth for all application availability, performance and security data. In the era of zero-day threats, where vulnerabilities can remain unknown for long periods of time,
all teams need to work cross-functionally on secure deployments of modern applications.
Business risk observability provides a platform for IT departments to shift to an integrated DevSecOps approach. Teams are able to collaborate far more effectively and embed security into the application lifecycle from the outset, with development teams adhering to the organization’s most critical security priorities.
With Gartner predicting that 95% of new digital workloads will be deployed on cloud native platforms by 2025, Kubernetes within modern application environments will become an increasingly attractive target for bad actors to exploit vulnerabilities over the coming years. And for IT leaders, this represents a significant new threat that they simply haven’t had to consider before. Applications security will need to become a major priority for IT departments in all sectors.
Business risk observability provides organizations with the means to manage this explosion in threats, and to develop and deploy cloud native applications in a secure way. In doing so, they can continue to accelerate their digital transformation programs on a sustainable basis and ensure that their applications are delivering maximum value to customers and the business.