CIO Influence
CIO Influence News Cloud Machine Learning Security

ESG and ArmorCode Reveal App Security State; GenAI Raises Risk and DevSecOps Urgency

ESG and ArmorCode Reveal App Security State; GenAI Raises Risk and DevSecOps Urgency

Lack of visibility, gaps between teams and a need for future-proofing AI reinforces the need for “Best-of-Breed’ tooling with vendor independent governance

ArmorCode, the leading provider of AI-powered Application Security Posture Management (ASPM) for managing and reducing risk across applications, infrastructure, and the software supply chain, and Tech Target’s Enterprise Strategy Group (ESG) today announced the findings from new research, “Modernizing Application Security to Scale for Cloud-Native Development.” The new report uncovered a growing desire to evolve from traditional application security and DevOps processes to modern AppSec and DevSecOps processes allowing for more integration and visibility between security and developer teams. The report also highlighted the need to develop a modern AppSec framework that is future proof, while enabling AI and DevSecOps teams to thrive. The ArmorCode-sponsored ESG report includes survey responses from hundreds of IT, cybersecurity, and application development professionals at mid-size and enterprise organizations.

Also Read: The Top Five Must-Haves for Picking an AI Security Solution

“As organizations are investing in DevSecOps initiatives and modernizing their application security programs, ASPM solutions can provide a vendor independent governance layer needed by teams to improve visibility, manage risk, and gain the context and efficiency needed to focus remediation actions on what matters most”

State of AppSec Teams

AppSec teams are overburdened and under-resourced, especially considering that for every AppSec engineer, there are often more than 100 developers. According to ESG, organizations are adopting DevSecOps at an increasing rate, from 38% today to 48% over the next 24 months. This tighter alignment between development and operations teams, and its subsequent pace and scale, is straining security teams. In fact, security teams admit they struggle to implement consistent security tools and processes across the organization in ways that support development rather than slow it down. Since security teams are spread so thin and limited on resources, 42% report that they have no visibility at all into what developers are doing to test and fix their code. As a result, the lack of security checks (guardrails) and visibility into software development are two of the top three challenges that teams report, in addition to prioritizing remediation efforts based on risk, rather than just severity.

“As organizations are investing in DevSecOps initiatives and modernizing their application security programs, ASPM solutions can provide a vendor independent governance layer needed by teams to improve visibility, manage risk, and gain the context and efficiency needed to focus remediation actions on what matters most,” said Melinda Marks, practice director, cybersecurity, Enterprise Strategy Group. “Any medium to large enterprise has multiple scanning tools using different programming languages, so a vendor-independent governance layer can better orchestrate application security testing within developer workflows, while providing security teams with the control and visibility they need to support scale.”

Also Read: The Data Dilemma in the Era of AI

Future Proofing AI in DevSecOps

The tidal wave of generative AI, while important for modernization, is also increasing pressure on DevSecOps. The role of AI in AppSec and the responsibility for security teams in ensuring the safe usage of AI across the organization are top of mind for respondents. 97% of organizations are currently using, or have plans to use, generative AI in software development. However, security teams feel outnumbered and report to be “very concerned” around nearly every aspect of securing that AI usage. Identifying or flagging sensitive data shared with GenAI frameworks, the security of APIs related to usage of GenAI and governance and policies to manage usage were all top concerns. As such, these organizations need to future proof their security programs around AI with a focus on a new approach to modernizing their application security.

“Having spent the past 30 years in the trenches of cybersecurity, I’ve experienced firsthand how siloed approaches challenge the best run organizations, causing breakdown in teams working to deliver secure software and manage vulnerabilities. Throw in the complexity of AI, on top of challenges in securing legacy public and private clouds, and today’s cybersecurity teams are struggling mightily. ArmorCode is purpose-built to secure what exists today and speed the adoption of new technologies, to simplify security and drive the collaboration required to better manage risk – measurement, management and communication of risk is the new requirement for every security team today,” says Karthik Swarnam, CSTO of ArmorCode.

Independent Governance Enables Best-of-Breed Adoption

Faced with the complexities of modern application development and the rapid accelerant that AI represents, security teams report a need for flexibility, unified visibility, and a new approach to AppSec. Given the current state of AppSec, it’s no surprise that 98% of organizations are planning to invest in new security solutions to modernize their AppSec programs to keep up with AI, DevSecOps, and the needs of their business. There are several approaches to modernizing AppSec programs, but 56% of organizations prefer to take a best-of-breed tools approach and leverage a platform that enables them to customize tooling choices across their enterprise.

ArmorCode has long supported its medium and large Global 2000 enterprise customers who have complex environments from applications on mainframes to modern AI applications in these efforts. With an AI-powered ASPM Platform acting as a vendor-independent governance layer, ArmorCode enables security teams to deliver consistent processes and workflows to all groups across the enterprise, no matter the underlying tools and technologies used. This allows organizations to take a best-of-breed approach, future proof against AI risks, and maintain the visibility and process maturity required to keep pace with the speed and scale of development efforts. In bringing together different teams, ArmorCode enables organizations to build security-first relationships from the inside out. Through empowering strong security champions, ArmorCode helps organizations embrace DevSecOps and reach the high ground ahead of the coming rise of AI indicated in ESG’s research.

Also Read: CIO Influence Interview with Kelly Ahuja, CEO, Versa Networks

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

Mezmo Appoints Former New Relic, Reltio Leaders as CPO and CMO

Atsign Defuses Terrapin Threat with SSH No Ports: Secure Connections, Untouched

GlobeNewswire

Privacera Survey Reveals the Need for Scalable Data Security Governance Strategies Will Increase Substantially Throughout 2023 and Beyond