Retailers: Adopt Three Application Security Technologies Now
As the holiday season approaches, retail leaders must work closely with their security teams to prevent breaches and downtime that can disrupt operations, frustrate customers, and lead to lost sales. Application flaws remain one of the top attack vectors: In 2023, 58% of security decision-makers named application-related exploits as the external attack vector that led to breaches, up from 52% in 2022.
Retailers’ pandemic-induced digital transformation continues, and security leaders are shoring up the technologies to protect applications built with open source and running in the cloud. In our report, The State Of Application Security, 2024, we noted three application security technologies that security decision-makers at retailers are particularly eager to adopt:
- Software composition analysis (SCA). Software composition analysis tools scan an application to build an inventory of open-source and third-party components, helping security teams and developers find and remediate vulnerabilities, license risks, conflicts, and noncompliant usage. With software supply chain attacks responsible for several top breaches last year, SCA has become a critical tool for both generating and analyzing software bills of materials. One in four security decision-makers at retailers indicated that they planned to adopt SCA in the next 12 months.
- Container security. Container images continue to be ripe for targeting, with many images running in production having critical or high-severity security flaws. Some container security products — often part of SCA tools — look at container images in the pipeline and identify vulnerabilities to be remediated in the image itself. Other container security tools monitor containers in production, protecting against issues such as configuration drift and access violations. Almost one-quarter of security decision-makers at retailers said they will adopt container security in the next 12 months.
- Serverless security. Organizations leveraging serverless architectures must contend with a combination of traditional and newer attack vectors. Serverless security tools inventory serverless functions, find vulnerabilities, and protect functions at runtime. Among security decision-makers at retailers, 24% shared plans to adopt serverless security in the next 12 months. Note that securing serverless functions also requires investing in traditional code security tools like static application security testing and SCA.
Use these data points and other trends from The State Of Application Security, 2024 to compare your company to your peers and justify application security plans to your leadership team, for both the holiday season and year-round.
Related Forrester Content
- The State Of Application Security, 2024
- Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis
- Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2023
- Avoid The Security Inconsistency Pitfalls Transitioning To Serverless