
    The Security Implications of Application Proliferation

    Security professionals face growing challenges as their organizations increase both the number of applications deployed and the pace at which these applications change.

    By eWEEK EDITORS - October 28, 2021

      Digital transformation, the urgencies of the pandemic and the broader emergence of software-defined enterprises mean that organizations now rely on applications more than ever to keep their businesses running. However, these mission-critical applications are often not sufficiently protected and are frequently accessed by remote users on untrusted networks – exposing them to a range of risks and threats.

      Recently, Fortinet and CyberSecurity Insiders conducted an international survey of cybersecurity professionals to help understand the challenges those professionals face as their organizations increase both the number of applications deployed and the pace at which these applications change.

      The survey found that 48% of respondents were using more than 100 unique applications in their environment; 26% reported using more than 500 unique applications. This proliferation of applications added greater complexity and exacerbated existing application security challenges.

      Data Point No. 1: Cybersecurity and cloud security skills gaps remain a worrisome reality.

      Many survey participants believe that they don’t have the skilled staff to keep pace with the ever-evolving threat landscape. In fact, 46% of survey respondents said lack of skilled personnel tops the list of barriers that organizations are facing when securing their web applications.

      Data Point No. 2: Breaches happen often, and customers don’t catch all of them.

      Forty-three percent of organizations admitted to experiencing application breaches or compromises.

      However, 35% of respondents acknowledged that they did not know when the last breach occurred. As Fortinet’s FortiGuard Labs’ 2021 mid-year Global Threat Landscape Report indicates, the volume of ransomware attacks in the past year has increased ten-fold. Notably, prominent web application technologies such as Drupal, vBulletin and PHP consistently show up in the top 10 list of technologies being targeted by threat actors.

      Data Point No. 3: The rate of CI/CD makes security harder.

      On average, organizations publish 25 software updates into production every month. That means consistent and frequent threat and vulnerability testing is critical. Yet only 21% of respondents confirmed that they test every time the code changes.

      Data Point No. 4: Organizations don’t feel confident about their security.

      A little less than half of surveyed organizations said they’re very or extremely confident about their application security. With an average of 25 application updates every month, multiplied across hundreds of applications, the operating environment is shifting far faster than the ability of security teams to keep pace.

      Data Point No. 5: Organizations shouldn’t bolt on security.

      Security should be a concern across the software development life cycle and for every part of the organization. This means applying application vulnerability management throughout the development cycle to proactively detect and mitigate issues before release.

      Use automated testing tools as much as possible so that software is analyzed for vulnerabilities as it's being developed. Security should be an integral part of the entire application life cycle – from development to end-of-life.

      This requires both an organizational and a cultural shift towards embracing security across development, IT and security teams.

      Data Point No. 6: The need to patch and implement rigorous vulnerability management is real.

      Vulnerability management and basic cybersecurity hygiene are foundational, and yet they are among the hardest things to get done consistently and at scale. They require a continuous commitment to scanning, patching, and testing to ensure effectiveness – better that you find a vulnerability than an attacker.

      Lack of visibility, unintended consequences of patching and custom software all make it challenging for even the largest organizations, but the time and effort invested are well worth it.

      Data Point No. 7: Web applications are the target, so protect them with a WAF. 

      Almost 80% of all attacks now target web applications, according to the 2021 Verizon Data Breach Investigations report. So, protect them with Web Application Firewalls (WAFs), which are designed to detect and block malicious traffic before it reaches your web applications.

      Acting as a proxy for the application server, a WAF can also block the illegitimate exfiltration of data. As with all security tools, invest time to properly configure and maintain your WAFs.

      Data Point No. 8: Implement Zero Trust and MFA to restrict access.

      Almost every data breach involves the compromise or abuse of privileges to gain access to key applications. Therefore, strive to limit access to key applications to only those users who absolutely need them to perform their jobs. Zero Trust, Multi-Factor Authentication and Privileged Access Management strategies are proven ways to protect critical network resources and help ensure that only legitimate access is granted.

      Secure those apps

      Application security is an essential element of every organization’s security strategy. It should be approached with a holistic perspective that links application security from development through production to end-of-life, combining teams and tools to mitigate threats while ensuring performance.

      Security fabrics provide a broad set of integrated technologies and automation to provide better visibility and control across the LAN, WAN, data center and cloud edges to secure those critical applications.

      About the Author: 

      Jonathan Nguyen-Duy is VP, Global Field CISO at Fortinet
