When we launched the most recent Forrester Analytics Business Technographics® Security Survey, it was summer of 2020. We’d been in quarantine for about three months, and firms had long since realized that they needed to digitally transform their businesses (and fast) in order to survive the new normal. That meant a lot of application development, as firms:
- Created brand new applications to support products and services that were previously delivered exclusively in person.
- Updated existing application capabilities to account for new use cases and massive scale.
The risk at the time was that the business-driven sprint to digitally transform could exclude application security entirely, leaving new and expanded online presences wide open to a range of attacks. Thankfully, application security did not fall by the wayside. While there was a steady stream of application-based breaches throughout the year (yes, applications are still the most common way in for attackers), security pros are aware of and responding to the challenge.
My latest report, “The State Of Application Security, 2021,” draws heavily from the security survey mentioned above, and by far the most encouraging piece of data I share in the report is about how security pros are prioritizing application security. When asked about their top tactical priorities for the coming year, improving application security was the most common response, and building security into the development process was in the top 10. That latter priority shows up in the number of security teams continuing to shift left and build security tooling into the design and development phases of the software development lifecycle. Security vendors are supporting those initiatives by adding features and integrations that support the developer’s workflow.
It’s not all rainbows and pandemic puppies, of course. Many security experts bored at home during quarantine occupied themselves with bug bounties and proved that application flaws are more prevalent than ever: Bugcrowd reported a 50% increase in bug bounty submissions over the prior year. We still see teams struggling to remediate vulnerabilities quickly, while API and container adoption present new attack surfaces to protect. Overall, though, the stated prioritization of application security, combined with the aggressive adoption of a range of security tools, indicates that many organizations are moving in the right direction.
If your organization hasn’t made application security a top priority, start now. Use “The State Of Application Security, 2021” to learn how your peers are looking at the problem, and encourage your team to adopt the approaches recommended in the report. As always, I’m available for inquiries if you’d like to discuss any of the trends or recommendations in more detail.