Currently charging up the hype cycle slope? The rush to become a “technology-forward” organization.
But delivering on digital transformation potential demands more than buzzwords — along with C-suite support, end-user buy-in and robust data defense, companies must develop “protection-forward” strategies to secure the IT front line: applications.
What is a technology-forward organization? One that prioritizes digital transformation — the ongoing shift away from cumbersome physical processes and outdated IT solutions to always-connected, digitally-enabled services that empower user access and data analytics to drive long-term ROI.
When properly implemented, tech-forward strategies pay big dividends: As noted by Forbes, businesses like Target and Best Buy — both at risk of going under just a few years ago — have substantially improved both performance and revenue by leaning into digital solutions. According to TechRepublic, 66 percent of business leaders now plan to implement digital transformation strategies and expect them to drive 17 percent ROI over the next year.
Before I start, I would like to thank PreEmptive for inviting me to write a guest post.
I would like to start my blog with a discussion about the growing cyber threats all over the world. I assume readers are well aware of cyber threats and how they are addressed by people, process, and technology. The continuous planning and advancement of security in the cyber world, including but not limited to applications, is an interesting read. Here, in my blog, I would like to discuss how companies can support mobile application security for better and safer use of stored data.
The booths are gone, the lights are off and the conference halls are empty. It’s a wrap for RSAC 2019, but IT pros aren’t going home empty-handed: Here’s a roundup of this year’s key topics, critical outcomes and biggest surprises.
No “I” in Team
This year’s RSA Conference opted for a simple, one-word theme: Better.
While it’s certainly aspirational, what does it mean in practice? For RSA, it’s a recognition that security doesn’t happen in a vacuum, that infosec pros must work together to find better solutions, make better connections and make the world a better place. Given the often-fragmented nature of corporate IT security, RSA’s focus on empowering the “collective we” in cybersecurity makes sense: Evolving, adaptable threats won’t be defeated by companies operating in isolation.
It’s no longer enough to just make great software. Now, mobile-enabled, always-connected users demand applications capable of meeting them where they are — without sacrificing quality, performance, or protection. This means easy to use, intuitive software that’s always available, always secure, and always works, delivered at a fast cadence.
To meet these increasing expectations, third-party tools and solutions continue to be critical for development environments. Companies recognize the need to use a combination of in-house, open-source, and proprietary offerings to deliver competitive software on demand.
At PreEmptive we’re continuously searching for ways to improve our development process, boost productivity, and drive best-of-breed software design. But we’re not selfish — in the spirit of the season, we’re happy to share some of our favorite tools for software development and design.
In 2017 and again in 2018, PreEmptive Solutions surveyed over 15,000 professional developers asking about their organization’s current and projected use of a broad cross-section of development languages and frameworks.
Evaluating each annual survey result on its own and again together as a whole offers insights into current practices, assumptions about future trends as well as the actual trends that played out during the time between the two survey collection points.
The white paper, Multi-Year Developer Survey Reveals Evolving Practices and Foreshadows Further Change, shows a professional development community striving to reduce the number of languages and frameworks they rely upon while simultaneously increasing their commitment and investments in the technologies they retain. As this maturation occurs, overall clarity and confidence in their architecture and mission improve.
All apps are vulnerable. That’s the takeaway from a recent Trustwave report, which found that 100 percent of web applications could be compromised in a cyberattack. Combined with the uptick in mobile malware, account takeover fraud and blockchain-based attacks, companies spend most of their time fending off new attacks while trying to keep current apps up and running.
The result? It’s easy to assume that when applications aren’t directly under attack, they’re effectively safe. The truth? More code handling more data increases the risk of “leaky apps” — applications which unwittingly expose sensitive data to prying eyes.
Here’s how you plug the holes.
In its recent announcement of the $7.5B GitHub acquisition, Microsoft promised to “bring its developer tools and services to new audiences.” “New audiences” in this context means, quite literally, GitHub’s 28 million developer users. As the “largest open source community in the world,” GitHub’s audiences will most surely also mean new requirements, new priorities, and new expectations – but these will also come with old biases. And there is no better example of open source bias than code obfuscation.
For the typical open source developer, obfuscation is “like a pearl onion on a banana split” – it simply does not belong (with thanks and apologies to Philip Marlowe in Raymond Chandler’s The Long Goodbye).
The argument is simple enough – there is no reason to prevent the reverse engineering of open source applications because the source code is already public. It’s like picking an unlocked door.
I am not a superstitious person and I don’t believe in magic, but even still – I have to confess that the way Xamarin spits out Android and iOS apps (along with all the other platforms) feels kind of magical to me. Of course, when something breaks, I am reminded all too quickly that there is no magic happening here – Xamarin has just encapsulated a lot of complex steps into a neat and tidy black box.
For me, and I bet I am not alone here, I am very happy to leave that black box alone – and I am also happy to ignore as much of the platform-specific details as I possibly can.
Unfortunately, when it comes to security, there are platform-specific issues that simply cannot be ignored.