Currently charging up the hype cycle slope? The rush to become a “technology-forward” organization.
But delivering on digital transformation potential demands more than buzzwords — along with C-suite support, end-user buy-in and robust data defense, companies must develop “protection-forward” strategies to secure the IT front line: Applications.
What is a technology-forward organization? One that prioritizes digital transformation — the ongoing shift away from cumbersome physical processes and outdated IT solutions to always-connected, digitally-enabled services that empower user access and data analytics to drive long-term ROI.
When properly implemented, tech-forward strategies pay big dividends: As noted by Forbes, businesses like Target and Best Buy — both at risk of going under just a few years ago — have substantially improved both performance and revenue by leaning into digital solutions. According to TechRepublic, 66 percent of business leaders now plan to implement digital transformation strategies and expect them to drive 17 percent ROI over the next year.
The challenge? Forward thinking can’t be confined to the big picture: Realizing IT potential demands a protection-forward strategy to secure the rapidly-expanding suite of web and mobile applications that power day-to-day business operations.
Applications are at risk. Consider the financial industry: As noted by IT World Canada, 92 percent of mobile and web-based financial apps tested contained at least one medium-risk security issue and 85 percent failed GDPR compliance evaluations.
But with apps now driving internal efficiency and proving critical to customer retention, what’s the disconnect? Why are companies still releasing apps that don’t meet basic security expectations?
Two key factors help perpetuate this insecure application cycle:
This puts application security behind the curve since even critical issues may not get C-suite attention for weeks or months, in turn limiting the efficacy of more buzz-worthy digital transformation initiatives.
As noted by the FTC, “more than a thousand apps are hitting the market each day”. The Commission recommends that companies “aim for reasonable data security” to help mitigate app risk in this growing ecosystem — but what’s the worst that could happen if speedy DevOps teams push insecure apps out the door early?
Simply put? Insecure apps have a ripple effect on corporate security and digital transformation processes. As noted by the TechTarget piece, tracking down app issues post-release can take three months or more, while shelving apps to address critical infosec issues puts companies behind the competition.
Recent NIST guidance on software security and protection makes it clear: Organizations bear responsibility for the safety and security of their applications and the data they process. The agency suggests a four-part development process that specifically calls out improved software security designed “to protect all components of the software from tampering and unauthorized access.”
To achieve this kind of protection-forward functionality, many organizations are transitioning to DevSecOps teams that make app security a key component of development and release cycles. Here, three factors help drive app protection success:
Technology-forward businesses recognize the power of digital transformation. But leveraging the potential of this organizational shift demands app protection-forward strategies that lay the security groundwork for responsible and compliant application design.