HomeTech PlusTECH & OTHER NEWSESG and ArmorCode Uncover State of App Security; GenAI Adds Complexities Creating...

ESG and ArmorCode Uncover State of App Security; GenAI Adds Complexities Creating Urgency to Reduce Risk and Modernize DevSecOps

Lack of visibility, gaps between teams and a need for future-proofing AI reinforces the need for “Best-of-Breed’ tooling with vendor independent governance

PALO ALTO, Calif.: ArmorCode, the leading provider of AI-powered Application Security Posture Management (ASPM) for managing and reducing risk across applications, infrastructure, and the software supply chain, and Tech Target’s Enterprise Strategy Group (ESG) today announced the findings from new research, “Modernizing Application Security to Scale for Cloud-Native Development.” The new report uncovered a growing desire to evolve from traditional application security and DevOps processes to modern AppSec and DevSecOps processes allowing for more integration and visibility between security and developer teams. The report also highlighted the need to develop a modern AppSec framework that is future proof, while enabling AI and DevSecOps teams to thrive. The ArmorCode-sponsored ESG report includes survey responses from hundreds of IT, cybersecurity, and application development professionals at mid-size and enterprise organizations.

State of AppSec Teams

AppSec teams are overburdened and under-resourced, especially considering that for every AppSec engineer, there are often more than 100 developers. According to ESG, organizations are adopting DevSecOps at an increasing rate, from 38% today to 48% over the next 24 months. This tighter alignment between development and operations teams, and its subsequent pace and scale, is straining security teams. In fact, security teams admit they struggle to implement consistent security tools and processes across the organization in ways that support development rather than slow it down. Since security teams are spread so thin and limited on resources, 42% report that they have no visibility at all into what developers are doing to test and fix their code. As a result, the lack of security checks (guardrails) and visibility into software development are two of the top three challenges that teams report, in addition to prioritizing remediation efforts based on risk, rather than just severity.

“As organizations are investing in DevSecOps initiatives and modernizing their application security programs, ASPM solutions can provide a vendor independent governance layer needed by teams to improve visibility, manage risk, and gain the context and efficiency needed to focus remediation actions on what matters most,” said Melinda Marks, practice director, cybersecurity, Enterprise Strategy Group. “Any medium to large enterprise has multiple scanning tools using different programming languages, so a vendor-independent governance layer can better orchestrate application security testing within developer workflows, while providing security teams with the control and visibility they need to support scale.”

Future Proofing AI in DevSecOps

The tidal wave of generative AI, while important for modernization, is also increasing pressure on DevSecOps. The role of AI in AppSec and the responsibility for security teams in ensuring the safe usage of AI across the organization are top of mind for respondents. 97% of organizations are currently using, or have plans to use, generative AI in software development. However, security teams feel outnumbered and report to be “very concerned” around nearly every aspect of securing that AI usage. Identifying or flagging sensitive data shared with GenAI frameworks, the security of APIs related to usage of GenAI and governance and policies to manage usage were all top concerns. As such, these organizations need to future proof their security programs around AI with a focus on a new approach to modernizing their application security.

“Having spent the past 30 years in the trenches of cybersecurity, I’ve experienced firsthand how siloed approaches challenge the best run organizations, causing breakdown in teams working to deliver secure software and manage vulnerabilities. Throw in the complexity of AI, on top of challenges in securing legacy public and private clouds, and today’s cybersecurity teams are struggling mightily. ArmorCode is purpose-built to secure what exists today and speed the adoption of new technologies, to simplify security and drive the collaboration required to better manage risk – measurement, management and communication of risk is the new requirement for every security team today,” says Karthik Swarnam, CSTO of ArmorCode.

Independent Governance Enables Best-of-Breed Adoption

Faced with the complexities of modern application development and the rapid accelerant that AI represents, security teams report a need for flexibility, unified visibility, and a new approach to AppSec. Given the current state of AppSec, it’s no surprise that 98% of organizations are planning to invest in new security solutions to modernize their AppSec programs to keep up with AI, DevSecOps, and the needs of their business. There are several approaches to modernizing AppSec programs, but 56% of organizations prefer to take a best-of-breed tools approach and leverage a platform that enables them to customize tooling choices across their enterprise.

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS