Enterprise Security: The Current Challenges of Securing All Your Enterprise Assets
Gone are the days when application security (AppSec) was primarily focused on securing physical hardware and its associated software. With the shift towards digital assets and cloud-based technologies, the job of AppSec has become increasingly complex and decentralized.
How does a solution architect perceive asset security across the enterprise in such complex scenarios?
I join forces with ArmorCode Chief Product Officer Mark Lambert in the first episode of Let's Talk AppSecOps to discuss just that—the evolving landscape of AppSec as the distinction between hardware and cloud becomes increasingly blurred.
When infrastructure and AppSec come together
“Infrastructure now is dynamic, and it’s disposable.”
Back when AppSec revolved around securing physical hardware and devices, security folks spent their days protecting servers, networks, and other physical assets from potential threats. But nowadays? Things have evolved a little, to say the least.
The rising trend of cloud and container
Cloud and container apps, as well as infrastructure-as-code, are examples of innovations that have brought new security challenges to the table. These technologies allow organizations to deploy and manage applications a lot more flexibly and cost-effectively. Sounds perfect, doesn’t it? Except it isn’t.
The challenges of all-digital assets
“The biggest thing that I’ve noticed has been the jump from hardware to all-digital assets.”
Unfortunately, these apps also introduce new security challenges, as the assets are not physically located within the organization's infrastructure. This means that security responsibilities are now spread across multiple teams and desks, making it difficult for a single person or team to handle all aspects of AppSec.
This shift towards a more decentralized approach to AppSec has also led to a change in the role of cybersecurity professionals. Consequently, the typical "cybersecurity do-it-all" perception is now a thing of the past, be it at small-scale firms or large corporations.
Need for collaboration between teams
“There are disparate systems, but now there are disparate teams as well.”
Development and security folks have different incentives when it comes to releasing software, which means that they often butt heads. When this tension isn’t addressed early on, it can cause entrenchment, with neither team making progress.
Development teams often have a good understanding of the app’s business logic and how it works, but may not be as familiar with the security risks. AppSec teams, on the other hand, solely focus on identifying and mitigating risks. Fostering collaboration between these two teams has many benefits, including enhanced security across the enterprise, increased efficiency, and improved communication.
“Now we’ve got virtual machines; we’ve got instances that can be spun up and down in a matter of seconds. So, everything gets a little blurry as in where infrastructure and applications assets meet.” Ergo, hardware and digital-native assets are blending together.
The transition from all-hardware to mostly-digital assets has seriously complicated and decentralized the job of application security. Cloud and container apps and infrastructure-as-code are examples of innovations whose security requirements will span multiple desks, making it impossible for a single person or team to handle all aspects of AppSec.
So, what does this say about the future of security? Find out when you listen to our full chat in the first episode of Let’s Talk AppSecOps.