As data flows between enterprise applications, cloud-connected or SaaS software, and IoT devices, business risk is also growing exponentially. The Verizon 2020 Data Breach Investigations Report (DBIR) revealed that 43% of breaches were caused by web applications, more than double the amount in 2019. As digital transformation accelerates, so does the attack surface. Recent research by my company found three out of every four software applications contain at least one security defect. The speed of software development and delivery increases through automation, meaning security must also become faster and more automated.
Our own data illustrates both the growth and the risk. In our most recent report, we analyzed 130,000 apps and found that 76% of applications had at least one vulnerability. As companies transform through software, the digital attack surface is growing exponentially, and fixing defects in software needs to keep pace with this reality.
Three Trends Shaping The Future Of Cybersecurity
Digital transformation itself is meaningful, but numerous technology shifts and trends are occurring. I believe three key technology trends will impact cybersecurity the most over the next five-plus years:
Ubiquitous Connectivity
We are quickly moving into a world where everyone and everything is connected. As data flows between enterprise applications, cloud-connected or SaaS software, and IoT devices, business risk is growing dramatically.
Abstraction And Componentization
Software and technology continue to act as the backbone of modern business and society. As a result, businesses are continually seeking methods to innovate and build software faster. The pressure for speed has resulted in a trend in which development teams break down what used to be comprehensive applications into the smallest possible reusable blocks of logic — or microservices — in order to stitch them together into a multitude of business processes and workflows. This trend enables businesses to work synchronously on many things and drive reuse across the business, thereby increasing efficiency and speed.
Hyperautomation Of Software Delivery
Hypercompetitiveness in the market is driving the need to attain speed-to-value and wring out all inefficiencies in processes, including software development. And, as software development becomes more automated, so must all processes that interact with software delivery; they must also adapt and become hyperautomated, or continuous.
These trends net out to two major impacts on business and society. First, ubiquitous connectivity means we can expect massive growth in business and consumer risk. Second, abstraction and hyperautomation will fuel how businesses compete, where speed and time-to-market are competitive currency.
The Impact On Software Security
Over the next three to five years, I expect these trends to influence application security and predict we will see three critical innovation drivers emerge that will have direct implications on securing code foundations: security as code and compliance as code, machine learning and auto remediation, and extensive implementation of zero-trust policies across all aspects of business.
Security As Code And Compliance As Code
At its simplest level, security as code (SaC) is about performing security analysis and applying policy rules (i.e., compliance as code) while developing the software. This means that the security policy, tests and scans are integrated directly into the pipeline and code, ensuring that security is assessed on every code commit and results are made available immediately for developers to address.
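The gate described above, sketched as an added example (not code from the author or any product): a policy kept in the repository is evaluated against scanner findings on every commit, and the result decides whether the pipeline proceeds. The policy fields, finding format, waiver mechanism and all ids and paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed policy, kept in the repository and reviewed like any other code.
POLICY = {
    "fail_on_severity": "high",                 # this level and above blocks the commit
    "banned_licenses": {"AGPL-3.0"},            # compliance rule for third-party code
    "waivers": {"FND-002": date(2030, 1, 1)},   # finding id -> date the waiver expires
}

@dataclass(frozen=True)
class Finding:
    id: str
    severity: str
    location: str
    license: str = ""

# Constructed scanner output for one commit (hypothetical ids and paths).
SAMPLE_FINDINGS = [
    Finding("FND-001", "critical", "src/login.py"),
    Finding("FND-002", "high", "requirements.txt"),
    Finding("FND-003", "low", "requirements.txt", license="AGPL-3.0"),
    Finding("FND-004", "medium", "src/report.py"),
    Finding("FND-005", "urgent", "src/export.py"),  # severity the policy does not know
]

def evaluate(findings, policy, today):
    """Return [(finding_id, reason)] for every finding that violates the policy."""
    threshold = SEVERITY_RANK[policy["fail_on_severity"]]
    violations = []
    for f in findings:
        expiry = policy["waivers"].get(f.id)
        if expiry is not None and today <= expiry:
            continue  # waiver still in force; expired waivers stop applying
        rank = SEVERITY_RANK.get(f.severity)
        if rank is None:
            violations.append((f.id, "unrecognized severity"))  # fail closed
        elif rank >= threshold:
            violations.append((f.id, f"severity {f.severity}"))
        if f.license in policy["banned_licenses"]:
            violations.append((f.id, f"license {f.license}"))
    return violations

def gate(findings, policy, today):
    """Pipeline step: exit code 0 lets the commit through, 1 blocks it."""
    violations = evaluate(findings, policy, today)
    return (1 if violations else 0), violations
```

Because the waiver carries an expiry date, an accepted risk resurfaces as a blocking finding once that date passes instead of staying suppressed indefinitely.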
Machine Learning And Auto-Remediation
The need for speed will drive suppliers to look to artificial intelligence and machine learning to facilitate tasks like identifying design vulnerabilities, threat modeling and remediation. In fact, we are already seeing various industries leveraging machine learning to identify and remediate open-source vulnerabilities, which typically require updating to a more recent version of the code.
Zero Trust
In a world where there is no longer a local network or where critical assets lie protected “behind the firewall,” every digital relationship should begin with the assumption of zero trust until trust is formally established. Trust should never be the default. As big monolithic applications get split up into microservices and moved to the cloud, zero-trust assumptions should extend to all third-party code (i.e., open-source or commercial libraries and components, outsourced development, external APIs that are being called, and even your own microservices, unless they are locked away behind a firewall on a VPN).
When everyone and everything is connected and demand for continuous software is at its highest, organizations will be forced to further simplify IT and development efforts. The subsequent increase in cloud adoption and componentization means a perpetually expanding attack surface. As the industry grapples with hyperautomation, we must consider the exponential expansion of our business risk and adapt our approach to stay secure.