Lack of visibility, gaps between teams and a need for future-proofing AI reinforces the need for “Best-of-Breed’ tooling with vendor independent governance.
PALO ALTO – AUGUST 16, 2024 – ArmorCode, the leading provider of AI-powered Application Security Posture Management (ASPM) for managing and reducing risk across applications, infrastructure, and the software supply chain, and Tech Target’s Enterprise Strategy Group (ESG) today announced the findings from new research, “Modernizing Application Security to Scale for Cloud-Native Development.” The new report uncovered a growing desire to evolve from traditional application security and DevOps processes to modern AppSec and DevSecOps processes allowing for more integration and visibility between security and developer teams. The report also highlighted the need to develop a modern AppSec framework that is future proof, while enabling AI and DevSecOps teams to thrive. The ArmorCode-sponsored ESG report includes survey responses from hundreds of IT, cybersecurity, and application development professionals at mid-size and enterprise organizations.
State of AppSec Teams
AppSec teams are overburdened and under-resourced, especially considering that for every AppSec engineer, there are often more than 100 developers. According to ESG, organizations are adopting DevSecOps at an increasing rate, from 38% today to 48% over the next 24 months. This tighter alignment between development and operations teams, and its subsequent pace and scale, is straining security teams. In fact, security teams admit they struggle to implement consistent security tools and processes across the organization in ways that support development rather than slow it down. Since security teams are spread so thin and limited on resources, 42% report that they have no visibility at all into what developers are doing to test and fix their code. As a result, the lack of security checks (guardrails) and visibility into software development are two of the top three challenges that teams report, in addition to prioritizing remediation efforts based on risk, rather than just severity.
“As organizations are investing in DevSecOps initiatives and modernizing their application security programs, ASPM solutions can provide a vendor independent governance layer needed by teams to improve visibility, manage risk, and gain the context and efficiency needed to focus remediation actions on what matters most,” said Melinda Marks, practice director, cybersecurity, Enterprise Strategy Group. “Any medium to large enterprise has multiple scanning tools using different programming languages, so a vendor-independent governance layer can better orchestrate application security testing within developer workflows, while providing security teams with the control and visibility they need to support scale.”
Future Proofing AI in DevSecOps
The tidal wave of generative AI, while important for modernization, is also increasing pressure on DevSecOps. The role of AI in AppSec and the responsibility for security teams in ensuring the safe usage of AI across the organization are top of mind for respondents. 97% of organizations are currently using, or have plans to use, generative AI in software development. However, security teams feel outnumbered and report to be “very concerned” around nearly every aspect of securing that AI usage. Identifying or flagging sensitive data shared with GenAI frameworks, the security of APIs related to usage of GenAI and governance and policies to manage usage were all top concerns. As such, these organizations need to future proof their security programs around AI with a focus on a new approach to modernizing their application security.
“Having spent the past 30 years in the trenches of cybersecurity, I’ve experienced firsthand how siloed approaches challenge the best run organizations, causing breakdown in teams working to deliver secure software and manage vulnerabilities. Throw in the complexity of AI, on top of challenges in securing legacy public and private clouds, and today’s cybersecurity teams are struggling mightily. ArmorCode is purpose-built to secure what exists today and speed the adoption of new technologies, to simplify security and drive the collaboration required to better manage risk – measurement, management and communication of risk is the new requirement for every security team today,” says Karthik Swarnam, CSTO of ArmorCode.
Independent Governance Enables Best-of-Breed Adoption
Faced with the complexities of modern application development and the rapid accelerant that AI represents, security teams report a need for flexibility, unified visibility, and a new approach to AppSec. Given the current state of AppSec, it’s no surprise that 98% of organizations are planning to invest in new security solutions to modernize their AppSec programs to keep up with AI, DevSecOps, and the needs of their business. There are several approaches to modernizing AppSec programs, but 56% of organizations prefer to take a best-of-breed tools approach and leverage a platform that enables them to customize tooling choices across their enterprise.
ArmorCode has long supported its medium and large Global 2000 enterprise customers who have complex environments from applications on mainframes to modern AI applications in these efforts. With an AI-powered ASPM Platform acting as a vendor-independent governance layer, ArmorCode enables security teams to deliver consistent processes and workflows to all groups across the enterprise, no matter the underlying tools and technologies used. This allows organizations to take a best-of-breed approach, future proof against AI risks, and maintain the visibility and process maturity required to keep pace with the speed and scale of development efforts. In bringing together different teams, ArmorCode enables organizations to build security-first relationships from the inside out. Through empowering strong security champions, ArmorCode helps organizations embrace DevSecOps and reach the high ground ahead of the coming rise of AI indicated in ESG’s research.
To see the full findings from the ESG survey, download your copy HERE.
To read more about ArmorCode, our 250 plus integrations, and how we’ve processed over 10 billion findings, please visit HERE.
About ArmorCode
ArmorCode is on a mission to supercharge security teams with a new model to reduce risk and burn down critical security tech debt. With its AI-powered ASPM platform, ArmorCode integrates with all your security scanners across applications, infrastructure, containers, and cloud to unify and normalize findings, correlates them with business context and threat intel through intelligent risk scoring, and orchestrates security workflows to empower developers to remediate issues without disrupting their flow. ArmorCode delivers unified visibility, AI-enhanced prioritization, and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively.
Enterprises of all sizes scale their security effectiveness by more than 10x and maximize their ROI on existing security investments with ArmorCode through managing Application Security Posture Management, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance.
For more information, visit www.armorcode.com.