Comprehensive study shows an urgent need for
organizations to adopt a modernized approach to their application
security processes
BOSTON, Aug. 16, 2024 /PRNewswire/ -- Legit Security, the definitive
application security posture management (ASPM) leader providing
end-to-end visibility and protection across the entire software
factory, and TechTarget's Enterprise Strategy Group (ESG), a
leading IT analyst, research, and strategy firm, today announced
the publication of Modernizing Application Security to Scale for
Cloud-native Development. The report delves into the
development trends driving the need to modernize application
security programs and evaluates pressing challenges that
application security teams encounter with their current tools. The
findings underscore the urgency for organizations to modernize
their application security practices so that they can support
growth and mitigate risks.
"Organizations are increasingly adopting new
technologies so that they can bolster their software development,
and as modern development has changed, so have attacker tactics,"
said Joe Nicastro, Field CTO, Legit Security. "Development
teams are using cloud-native technologies to drive efficiency and
optimize innovation, but this often leads to a larger attack
surface due to misconfigurations, vulnerable plug-ins, and
excessive permissions throughout the SDLC. In today's environment,
organizations must adopt security solutions that can protect their
software factory from end-to-end while providing developers with
the guardrails they need to do their best work safely."
The report found that application teams face a
number of challenges, such as keeping up with the speed and volume
of releases and prioritizing remediation. These challenges
highlight the importance of a modernized approach and alignment
with development and DevOps teams for improved collaboration.
Additionally, nearly all organizations reported difficulties in
fixing vulnerabilities after applications are deployed, reinforcing
the significance of incorporating security processes and tools in
the build process.
The report's key findings include:
- 60% of organizations use IaC to simplify infrastructure
provisioning and easily deploy software applications. However, with
increased IaC adoption, misconfigurations can be magnified because
flaws are easily proliferated if not addressed. Of particular
concern, 67% of respondents report an increase in IaC
misconfigurations.
- 45% of security teams supporting cloud-native development
processes said understanding and managing risks related to usage of
generative AI is their biggest challenge, followed by measuring and
improving AppSec program effectiveness, and understanding
developer environments and assets to effectively manage
security.
- The majority of organizations experienced a cybersecurity event
involving their cloud-native application stack in the last 12
months, with secrets stolen from a source code repository (32%)
coming in as the most common incident.
- Only 39% of organizations report that their security teams have
visibility for certain applications, reinforcing the necessity for
visibility into security testing in development.
"Our research calls attention to how traditional
application security teams need solutions that support modern
development processes as they scale to drive productivity and
business growth," said Melinda Marks, Practice Director,
Cybersecurity, Enterprise Security Group. "The research showed
that in addition to securing the
applications, security teams need to address security related to
how developers work, including secrets, pipeline tools, containers,
and source code repositories. While these elements enable
developers to work quickly and collaborate, the added attack
surfaces and chance for mistakes become greater as development
scales. By understanding and addressing these areas, organizations
can improve their security programs. This is important as we have
seen all too often that just one incident can have severe
ramifications on the business, including data loss, business
disruption, application downtime, customer data loss, malware, and
compliance fines."
To download the report, visit
http://info.legitsecurity.com/esg-modernizing-application-security-to-scale-for-cloud-native-development.
To read our latest blog and perspective on the
report, visit
https://www.legitsecurity.com/blog/esg-survey-report-finds-ai-secrets-and-misconfigurations-plague-appsec-teams.
Methodology
TechTarget's Enterprise Strategy Group
surveyed 350 IT, cybersecurity, and application development
professionals in North America (US and Canada) responsible for
evaluating, purchasing, and utilizing developer-focused security
products (i.e., application/code security testing tools, software
composition analysis, policy-setting tools, remediation tools,
etc.).
About Legit Security
Legit is a new way
to manage your application security posture for security, product,
and compliance teams. With Legit, enterprises get a cleaner, easier
way to manage and scale application security and address risks from
code to cloud. Built for the modern SDLC, Legit tackles the most
challenging problems facing security teams, including GenAI usage,
proliferation of secrets, and an uncontrolled dev environment. Fast
to implement and easy to use, Legit lets security teams protect
their software factory from end to end, gives developers guardrails
that let them do their best work safely, and delivers metrics that
prove the security program's success. This new approach means teams
can control risk across the business – and prove it.
About ESG
Enterprise Strategy Group is
an integrated technology analysis, research, and strategy firm
providing market intelligence, actionable insight, and go-to-market
content services to the global technology community. It is
increasingly recognized as one of the world's leading analyst firms
in helping technology vendors make strategic decisions across their
go-to-market programs through factual, peer-based research. ESG is
a division of TechTarget, Inc. (Nasdaq: TTGT), the global leader in
purchase intent-driven marketing and sales services focused on
delivering business impact for enterprise technology companies.
Media Contact for Legit Security:
Michelle Yusupov
Hi-Touch PR
443-857-9468
yusupov@hi-touchpr.com
SOURCE Legit Security