Organizations are beginning to understand the application economy demands a new view and approach to security, according to results of a survey sponsored by CA Technologies and conducted by Vanson Bourne.
Improving the mobile customer experience was cited as a top security priority (42 percent), second only to protecting against data breach (56 percent), according to the study, which was based on a survey of 1,425 senior IT and line-of-business executives from 13 countries, including the United States.
In addition, 49 percent of respondents said mobility has a significant impact on security practices and policies with respect to customers.
"Opening business data as APIs can greatly benefit business with faster application delivery, better customer engagement and even new revenue models," Michelle Waugh, vice president of security business for CA Technologies, told eWEEK. "But to realize those advantages, the APIs must be secured. For example, if you don’t know who is accessing your APIs, you cannot generate revenue. And they can be exploited by unauthorized developers."
She noted the Snapchat breach is one example of where an API was not secured and allowed consumer private info to be exposed.
To facilitate the need to innovate and release applications more quickly, 79 percent of respondents are opening their data as application programming interfaces (APIs).
Nearly half (48 percent) of respondents recognize that business enablement is an important benefit of security and can drive growth, and 78 percent of respondents have seen or expect to see increased revenue from new services enabled by improved security.
The report also indicated a new view toward security and the protection and enablement it offers has sparked an increase in security investment. According to respondents, 25 percent of all IT spending will be devoted to security in the next three years, up from 18 percent today.
"Application security may not have been a concern for consumers until they started to see instances of application insecurity in several high-profile breaches last year, such as Twitter, iCloud or Snapchat, just to name a few," Waugh said. "Those breaches certainly impacted some consumers and made them adopt the enhanced security measures offered by some of the apps. But I’m sure there are still consumers out there who don’t think or care about certain private data being exposed — until it happens to them."
She predicted applications and systems will start to be treated with a security-first attitude as they are created, and stronger or deeper security measures, such as advanced authentication, encryption or biometrics, will become a standard.
"The security approach must extend beyond the app and address end to end security -- from the consumer, the application and their devices, all the way to data centers that increasingly reside in the cloud," she said.