How to Overcome The Top 6 Application Security Challenges

By: Krishna Anindyo | Saturday, June 13 2020 - 13:00 IWST

Illustration Security Challenges (Photo by Information Age)

Most companies take a reactive approach to application security and information security. But why wait for an attacker to get into your unprotected (or minimally protected) sensitive data before you decide to do something about it?

What application security challenges are you facing?

When security becomes a problem, it becomes a crisis. Getting ahead of the crisis potential with a proactive security approach allows you to reclaim your staff and reinvest your time and activities to further your company’s goals and industry reputation. If you wait until it’s too late, all attention will focus on remediation efforts and damage control as you attempt to hold onto what little trust still remains within your customer base. A more logical approach is to get ahead of the bad guys.

There are six primary challenges that organisations face as they move toward a proactive security approach.

1. Hiring and retaining security experts is difficult and costly.

The shortage of available talent for cyber security positions has caused their salaries to skyrocket. In 2018, information security analyst salaries averaged US$98,350, and the top 25% made nearly US$127,000. Add the cost of benefits and overhead (about 43% of wages and salary in the private sector), and you’re looking at a major investment for a very specific skill set.

2. Your legacy or third-party applications might carry security risks.

Hackers look for the easiest way into your organisation. Unfortunately, your limited internal resources might not have the time, skills, or tools to identify all the paths hackers have access to, even if you’ve been testing your applications regularly. Attackers also like to exploit vulnerabilities in legacy code. When your developers reuse code that has been in circulation for decades, they may unwittingly inherit its technical debt, which includes security bugs and flaws.

3. Lumpy demand requires elastic capacity.

Most companies no longer follow a fixed-release schedule. Instead, continuous integration and continuous delivery (CI/CD) has essentially become mandatory for organisations to stay competitive and meet customer demands. And each of these continual feature releases carries a different level of technical risk and business impact, which an application security program must be able to accommodate.

4. You need to respond to changes on a dime.

Not only are you dealing with a lumpy release schedule, but your business is also evolving quickly. Your security team needs to keep pace. If demand spikes without your having a full application security team on hand, you’ll be scrambling to test and clean up code — or worse, to deploy patches to software that’s already in the hands of users.

5. No single testing tool can catch every vulnerability.

Every security testing tool has different strengths, and no tool catches everything. If budget and resource limits restrict you to using only one or two security testing tools, you might miss critical vulnerabilities. What’s more, without the capacity to replicate and confirm findings, you might spend countless hours chasing false positives.

6. Tools alone are not enough to keep you safe.

Application security changes constantly. New threats and attack vectors emerge, and new regulations ramp up compliance requirements. Your testing and prevention strategies need to keep up with those changes.
