Dynatrace sponsored this post.
Dynamic multiclouds are the platform of choice for digital transformation, with DevOps accelerating deployment speeds for new releases and cloud native applications becoming increasingly interconnected. But, as a recent research study of CIOs around the world reveals, the pace of digital transformation is driving overwhelming levels of complexity in these environments. According to the research, 89% of CIOs say digital transformation has accelerated over the past 12 months, with 86% attributing that increase to adopting cloud native technologies — including containers, microservices and Kubernetes. All of this has resulted in what two-thirds of CIOs say is a dynamic multicloud environment that is so complex it is now beyond human ability to manage.
This level of cloud complexity has another downside. Cloud native app development processes are now starting to break traditional approaches to app security. Web service integrations are creating holes in firewalls, intrusion detection systems are failing to capture network content, and vulnerability scanners are missing real-time changes in production and pre-production environments. These gaps point to how dynamic multiclouds — and specifically the containers, microservices and Kubernetes platforms these environments are built on — have made traditional app security approaches insufficient. These traditional security models can no longer meet the needs of the C-Suite or the DevSecOps teams that rely on them, leaving the door open for dangerous gaps in application security.
Here are three reasons why traditional app security approaches are falling short of what dynamic multicloud environments need, and why an upgrade is overdue.
Open source and Kubernetes introduce a new level of risk and complexity that existing application security approaches can’t match.
Over the past 12 months, nearly one-third of organizations traced a data breach back to open source components in their enterprise applications. This is troubling when an estimated 80% to 90% of enterprise applications are composed of open source components. Kubernetes package managers introduce even more risk: more than two-thirds of Helm charts contain an image with at least one high-risk vulnerability, and over 60% of organizations are either unaware of the baseline Kubernetes security measures they should be using, or are aware but simply don’t use them.
Taken together, cloud native app development and Kubernetes are introducing new layers of complexity that leave traditional security approaches unable to follow vulnerability profiles through microservices, containers and different versions.
Additionally, because these conventional methods are embedded in the continuous delivery pipeline and can be exposed to many potential vulnerabilities, their lack of visibility raises several issues:
All of this points to the need for automatic and intelligent security solutions that expand the reach of runtime application security in a multicloud environment. This facilitates more reliable insights that can’t be broken by containers, microservices and Kubernetes platforms.
Pre-production environment scans are important for vulnerability detection, but have become insufficient for several reasons, including:
The underlying theme connecting all of this is a lack of context. If vulnerability scanners can’t capture all changes in an environment, that missing context means DevSecOps teams don’t have a full understanding of their exposure to vulnerabilities in different runtime situations.
Keeping up with security requirements, checks and coverage today is difficult. And it only gets more cumbersome as environments and DevSecOps pipelines change at an increasingly fast pace.
Current security tools were purpose-built for waterfall-based development, meaning they bottleneck agile-based DevSecOps. They’re time-consuming, not developer-friendly, and riddled with false positives. Those false positives are a problem, as scanners lack the context needed to determine whether those are real vulnerabilities that expose risk, or are being flagged incorrectly as alerts. Consequently, DevSecOps teams are forced to waste time chasing problems that aren’t relevant — or aren’t even actually there.
Additionally, pureplay security solutions built for DevSecOps introduce deployment friction (through agents), while lacking a breadth of technology coverage — which can negatively impact application performance, start time and stability. Given all this, the challenge of security actively slowing down DevSecOps, rather than bolstering it, has reached a critical mass.
Effective app security for dynamic multicloud environments requires a next-generation upgrade.
What does that entail? An upgrade means automatic deployment and instrumentation in production that requires no manual configurations. It means real-time dependency mapping and transaction flow analysis for risk assessment of vulnerability exposures, with automatic and continuous updates to understand runtime app vulnerabilities and their impacts on production environments. It also means full-stack code and infrastructure observability and analysis for following attack vectors, and intelligent analytics that weed out false positives created by code that wasn’t executed in the first place. And finally, it means AI assistance that automates risk assessment and prioritizes risks by business impact. All of this is driven by a core understanding that if and when you’re exposed, the time to act is limited and crucial: every second counts.
In a dynamic and multicloud world, traditional app security doesn’t cut it anymore. Vulnerability detection and risk assessment now need an AI-driven, continuous automation upgrade that keeps organizations ahead of the curve and secure.
Feature image via Pixabay.