Brands must take an application-led approach to security

As Cyber Security Month gets underway, consumers are being encouraged to ‘#BeCyberSmart’ and “focus on general cyber hygiene to keep your information safe”.

Without doubt, the need for all of us to think and act carefully when it comes to how we share and protect our personal data has never been greater. The use of applications and digital services has sky-rocketed since the start of 2020, as people have relied almost exclusively on digital services in almost every area of their lives.

About the author

Gregg Ostrowski is Executive CTO at AppDynamics.

The number of applications people are using regularly has risen by a staggering 30% since the beginning of 2020, according to the recent App Attention Index 2021. A major element of this increase is among people who are new to digital services, forced to use applications for the first time during lockdown to buy groceries, stay connected to friends and family and access critical services.

Sadly but unsurprisingly, this rapid switch to digital, and the sudden introduction of millions of vulnerable people into cyberspace, have presented a massive opportunity for cybercriminals to exploit. As Jürgen Stock, Secretary General of INTERPOL, reported as far back as August 2020: “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.” The scale and sophistication of these threats have only increased since.

Consumers want it all in the Total Application Experience

With people using a wider range of applications during the pandemic, their eyes have been opened to the incredible digital experiences that many brands are now delivering. Expectations for applications have soared and, at the same time, tolerance for anything less than the best digital experiences has all but disappeared.

Consumers now demand the ‘total application experience’, a high-performing, reliable, digital service which is simple, secure, helpful and fun to use. And they expect these services to be personalized to their own individual needs and add real value to their lives.

What is really noticeable is the importance that people are now attaching to cybersecurity. In fact, when asked to characterize the elements that make up this optimum digital experience, security is the most important factor, with 62% of people citing it as critical.

You might have thought that, with consumers being so overwhelmingly reliant on digital services for almost everything during the pandemic, any concerns around data and privacy would have been diminished or overridden, but that simply hasn’t been the case.

And similarly, even though people are now demanding the most innovative, intuitive and personalized digital experiences every time they use an application, they absolutely do not want this to compromise their security. 90% of consumers now expect their data to be held safely and securely.

An application-first approach to meet the new security challenge

For IT and security teams, the dramatic increase in demand for applications and digital services, coupled with these heightened expectations for flawless application performance, presents a huge challenge.

Across all sectors, we’ve seen rapid acceleration in adoption of cloud computing technologies over the last 18 months, to meet consumer appetite for new digital services and respond to changing customer and business needs. But this has meant that organizations now find themselves trying to manage and protect soaring volumes of customer data across an increasingly sprawling IT estate.

Technologists who were previously looking after a relatively consistent and fixed IT infrastructure now find themselves getting to grips with a fluid, constantly evolving IT estate, where customer data is stored across distributed locations, often under different jurisdictions. At the same time, they’re facing an unprecedented rise in malicious security threats and growing complexity in modern applications, which run across on-prem, multi-cloud and cloud-native microservices.

The only way that organizations can begin to get their arms around this challenge is to embrace a new approach, where security is a major consideration and driving force at the beginning of the development cycle, rather than an add-on at the end. We need to move away from the long-held belief that proper application security posture inhibits speed and innovation.

This means discarding perimeter-based solutions that rely on traffic being routed through them and on assumptions about what the application might do with the payload. It’s simply not feasible to continue with an approach where it’s taking application and security teams an average of 280 days to detect and contain a data breach.

Instead, technologists need to embrace a new approach that protects the application from the inside-out. An application-first approach enables IT and security teams to identify vulnerabilities and threats within the application in production, and to protect the application against attacks in real time. This in turn allows them to correlate security and business data to prioritize remediation based on potential business insight.

In order to implement this new, proactive approach to security, app and security teams need to have the right tools at their disposal. They need to ensure that wherever an application runs, they’re able to organically add security capabilities from within the runtime.

In doing so, they can protect the application environment and continue to deliver the ‘total application experience’ that customers have come to expect.

Gregg Ostrowski, CTO Advisor, Cisco Observability.