The Forrester State of Application Security 2022 report noted that applications are the top cause of external breaches. Software supply chain concerns added complexity.
Forrester says security professionals need to find a way to move beyond a tactical and reactive mindset to rebuild application security that integrates tightly with development and focuses on strategic concerns.
Rick McConnell, CEO of Dynatrace, says the move to agile methodologies, combined with the complexity of cloud-native applications and the higher frequency with which code is pushed to production, has heightened the risks that organizations face.
“This has created the need for application security practices that are fully automated and can detect vulnerabilities and facilitate remediation across the software development cycle.”
With cloud adoption on the rise in Asia, are organisations taking appropriate steps to ensure that their data and processes are secure?
According to McConnell, organisations struggle with this very question. How much investment is enough? Businesses can always spend more on security. But at what level?
He posited that an organisation should ask whether it is satisfied that its spend is delivering the value it needs to protect its infrastructure. It will be an ongoing problem for organisations.
“For most software infrastructures in enterprises, business leaders want to see everything. In a sense, we provide such observability by ‘lighting up’ the cloud environment, if you will. Besides wanting to observe everything, organisations want improvements in efficiency, and smarter operations, through AI assistance and software intelligence,” he continued.
What steps should companies consider, whether they're local or regional, to ensure that they go beyond the minimum standards around securing the application, the data and the systems?
McConnell believes the starting point is to develop a blueprint of what your cloud environment should look like, and the level of security required to make that blueprint work in an organisation’s favour.
“There needs to be a methodology to bring infrastructure, cloud, application performance, and digital experience monitoring all together. Yes, within the region there are different levels of legislation regarding cloud and application security.”
Rick McConnell
Countries like Singapore and Thailand are stepping up with stricter laws to protect the public’s data. It is highly recommended that an organisation holding such information be able to view what’s happening in its cloud without restrictions. Simply deciding to undertake digital transformation and move to the cloud is not sufficient to ensure a protected, secure environment.
Are all application performance monitoring (APM) solutions that are designed for the cloud created equal?
McConnell doesn’t think so. He says APM tools assist by detecting and pinpointing performance issues before real users are affected. In this instance, monitoring of course extends beyond mobile apps and business applications to networks, logs, and processes.
He explained that in the case of his company, Dynatrace not only incorporates traces, logs, metrics, behavioural analytics, and metadata, but also brings all these forms of data together. The company processes them through an integrated, intelligent AI ops engine.
“That engine essentially automates response to where issues exist in an organisation’s infrastructure or applications. This allows Dynatrace to locate the root cause of a performance problem, something that IT teams find hard to do,” he added.
If an organisation is using some form of APM today, is there a baseline from which the company can benchmark how they are using APMs to ensure that they meet the minimum international standards if such a thing exists?
McConnell opines that most organisations doing APM are still using open-source technologies or designing their own.
Dynatrace has found that organisations designed data to the last, and they give them an analytical view as to what's happening in their environment. What customers and partners really want is to know precisely where an issue has occurred in their applications.
Technology continues to evolve. How does one approach an APM strategy that goes beyond this year's version or even next year's version?
McConnell concedes being biased when he suggests: “Pick a provider that is focused on innovation and maintaining innovation at a level that continues to perform at high standards.”
“Today, an organisation needs to be cloud-native and needs to be thinking about application security. They need to be thinking about all those data types that were discussed earlier, and with processing, through an intelligent AI ops engine. For the complex multi-cloud environment we’re living in, an organisation needs an intelligent AI that continues to evolve and adapt to new threats,” he concluded.
Click on the PodChat player and hear McConnell’s perspective on the growing threat of application vulnerability and the steps CIO, DevOps and SecOps teams can take to mitigate it.
- Application vulnerability in the cloud – how real is the problem?
- Cloud migration is on the rise. Are organisations taking appropriate steps to ensure that applications, data and processes are secure?
- In regions like Asia, where local/national rules about the use of cloud technologies vary in terms of maturity and sophistication, what steps can companies, local and regional, take to ensure they go beyond the minimum standards around securing applications, data and systems?
- Going specifically on application performance monitoring, are all APM solutions (in the cloud) created equal?
- If an organisation is using some form of APM, is there a baseline from which the company can benchmark how they are using APMs to ensure they meet minimum international standards (if such exists)?
- Technology continues to evolve. How does one future-proof an APM strategy beyond 2022?