Lack of visibility, gaps between teams and a
need for future-proofing AI reinforce the need for “Best-of-Breed”
tooling with vendor-independent governance
ArmorCode, the leading provider of AI-powered Application
Security Posture Management (ASPM) for managing and reducing risk
across applications, infrastructure, and the software supply chain,
and TechTarget’s Enterprise Strategy Group (ESG) today announced
the findings from new research, “Modernizing Application Security
to Scale for Cloud-Native Development.” The new report uncovered a
growing desire to evolve from traditional application security and
DevOps processes to modern AppSec and DevSecOps processes allowing
for more integration and visibility between security and developer
teams. The report also highlighted the need to develop a modern
AppSec framework that is future proof, while enabling AI and
DevSecOps teams to thrive. The ArmorCode-sponsored ESG report
includes survey responses from hundreds of IT, cybersecurity, and
application development professionals at mid-size and enterprise
organizations.
State of AppSec Teams
AppSec teams are overburdened and under-resourced, especially
considering that for every AppSec engineer, there are often more
than 100 developers. According to ESG, organizations are adopting
DevSecOps at an increasing rate, from 38% today to 48% over the
next 24 months. This tighter alignment between development and
operations teams, and its subsequent pace and scale, is straining
security teams. In fact, security teams admit they struggle to
implement consistent security tools and processes across the
organization in ways that support development rather than slow it
down. Since security teams are spread so thin and limited on
resources, 42% report that they have no visibility at all into what
developers are doing to test and fix their code. As a result, the
lack of security checks (guardrails) and visibility into software
development are two of the top three challenges that teams report,
in addition to prioritizing remediation efforts based on risk,
rather than just severity.
“As organizations are investing in DevSecOps initiatives and
modernizing their application security programs, ASPM solutions can
provide a vendor independent governance layer needed by teams to
improve visibility, manage risk, and gain the context and
efficiency needed to focus remediation actions on what matters
most,” said Melinda Marks, practice director, cybersecurity,
Enterprise Strategy Group. “Any medium to large enterprise has
multiple scanning tools using different programming languages, so a
vendor-independent governance layer can better orchestrate
application security testing within developer workflows, while
providing security teams with the control and visibility they need
to support scale.”
Future Proofing AI in DevSecOps
The tidal wave of generative AI, while important for
modernization, is also increasing pressure on DevSecOps. The role
of AI in AppSec and the responsibility for security teams in
ensuring the safe usage of AI across the organization are top of
mind for respondents. 97% of organizations are currently using, or
have plans to use, generative AI in software development. However,
security teams feel outnumbered and report being “very concerned”
about nearly every aspect of securing that AI usage. Identifying
or flagging sensitive data shared with GenAI frameworks, the
security of APIs related to usage of GenAI and governance and
policies to manage usage were all top concerns. As such, these
organizations need to future proof their security programs around
AI with a focus on a new approach to modernizing their application
security.
“Having spent the past 30 years in the trenches of
cybersecurity, I’ve experienced firsthand how siloed approaches
challenge the best run organizations, causing breakdown in teams
working to deliver secure software and manage vulnerabilities.
Throw in the complexity of AI, on top of challenges in securing
legacy public and private clouds, and today’s cybersecurity teams
are struggling mightily. ArmorCode is purpose-built to secure what
exists today and speed the adoption of new technologies, to
simplify security and drive the collaboration required to better
manage risk - measurement, management and communication of risk is
the new requirement for every security team today,” says Karthik
Swarnam, CSTO of ArmorCode.
Independent Governance Enables Best-of-Breed Adoption
Faced with the complexities of modern application development
and the rapid accelerant that AI represents, security teams report
a need for flexibility, unified visibility, and a new approach to
AppSec. Given the current state of AppSec, it’s no surprise that
98% of organizations are planning to invest in new security
solutions to modernize their AppSec programs to keep up with AI,
DevSecOps, and the needs of their business. There are several
approaches to modernizing AppSec programs, but 56% of organizations
prefer to take a best-of-breed tools approach and leverage a
platform that enables them to customize tooling choices across
their enterprise.
ArmorCode has long supported its medium and large Global 2000
enterprise customers, who have complex environments ranging from
applications on mainframes to modern AI applications, in these
efforts. With an AI-powered ASPM Platform acting as a
vendor-independent governance layer, ArmorCode enables security
teams to deliver consistent processes and workflows to all groups
across the enterprise, no matter the underlying tools and
technologies used. This allows organizations to take a
best-of-breed approach, future proof against AI risks, and maintain
the visibility and process maturity required to keep pace with the
speed and scale of development efforts. In bringing together
different teams, ArmorCode enables organizations to build
security-first relationships from the inside out. Through
empowering strong security champions, ArmorCode helps organizations
embrace DevSecOps and reach the high ground ahead of the coming
rise of AI indicated in ESG’s research.
To see the full findings from the ESG survey, download your copy
HERE.
To read more about ArmorCode, our 250 plus integrations, and how
we’ve processed over 10 billion findings, please visit HERE.
About ArmorCode
ArmorCode is on a mission to supercharge security teams with a
new model to reduce risk and burn down critical security tech debt.
With its AI-powered ASPM platform, ArmorCode integrates with all
your security scanners across applications, infrastructure,
containers, and cloud to unify and normalize findings, correlates
them with business context and threat intel through intelligent
risk scoring, and orchestrates security workflows to empower
developers to remediate issues without disrupting their flow.
ArmorCode delivers unified visibility, AI-enhanced prioritization,
and scalable automation for customers so they can realize a
complete understanding of risk, respond at scale, and collaborate
more effectively.
Enterprises of all sizes scale their security effectiveness by
more than 10x and maximize their ROI on existing security
investments with ArmorCode through managing Application Security
Posture Management, Risk-Based Vulnerability Management, Software
Supply Chain Security, DevSecOps, and Risk & Compliance.
For more information, visit www.armorcode.com.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240815082433/en/
RH Strategic for ArmorCode Armorcodepr@rhstrategic.com