Thursday, August 15, 2013

Application Security is More Critical Than Ever


Software security is not my strong point but, as a security professional, I understand how important it is to ensure that applications are secure. Applications are the entry points for users and hackers alike – the most common attacks occur at the application level these days.

 

There are five major trends in thinking about software security.

 

1. Software is used to run everything today. Every modern system uses software on some level, and companies are the largest consumers of these applications. From your television to the critical system controller that takes care of power distribution, computers exist in everything and in everything there is software to be run. One of my biggest problems with how technologically advanced things have become is the use of computers within cars. Every night I see someone driving around this city in their late-model SUV without their lights on. You drive by and see that the dashboard is lit up – great! – but flashing these people results in oblivious, blank stares. Technology has gone too far when it compromises the safety of those around you.

2. Software results in too much information being produced. Data needs to be accumulated and used for risk management purposes. For software developers, it is important to examine security functionality throughout the entire SDLC, to ensure a strong, secure portfolio of applications.

3. BYOD is becoming the normal way to conduct business. Your enterprise needs to be aware of this and prepare the protective controls necessary to ensure functionality is maintained while data is secured. Requirements for sandboxing special applications as well as integration between corporate and device-proprietary apps will be demanded. This will be a security headache moving forward.

4. Software development requirements have blasted off. Software needs to be developed faster than ever, and security code reviews are being neglected. Languages for such software continue to be predominantly Ruby, JavaScript, JavaScript Object Notation, and Python. This means more demand for cloud services, touchpoints that can be carried out quickly, and lighter built-in security analysis for developers.

5. Surveillance has hit big data. The NSA cannot be the only large government entity watching everything we do – don’t fool yourself. This means privacy protection services will be in high demand.

 

Your organization needs to recognize these and other trends in information technology in order to stay on top of security requirements.  What you do to protect yourself and your data will make all the difference.  Software development is exploding and the requirement for application security is more important than ever before.
