|By Michelle Drolet||
|July 26, 2014 10:15 AM EDT||
Despite all the news about hackers infiltrating major corporations, most businesses continue to leave themselves woefully unprotected. Some surveys estimate more than 70% of businesses perform vulnerability tests on less than 10% of their cloud, mobile and web applications. A majority also confess they have been hacked at least once in the last two years.
While most large businesses have begun application vulnerability testing, there is still a long way to go. After all, you are only as strong as your weakest link; hackers will undoubtedly find and attack any application without sufficient defenses.
Although testing and creating protection for high-value and mission-critical applications is better than not doing anything at all, leaving low-priority applications unprotected is still a major risk. If hackers can exploit just one application, that means they can then access the rest of your infrastructure. They'll eventually figure out a way to also attack your high-value applications.
Major Challenges When Protecting Applications
Why in spite of all the risks are organizations not identifying all the vulnerabilities in their cloud, mobile and web applications? Security professionals typically point to several reasons that hold them back:
- Limited Budget: Businesses simply don't allocate enough money to test all applications. Whether additional headcount or technology is required, testing costs money, and most organizations do not set aside sufficient funds.
- Lack of Expertise: Application security is still not a mature science. Even companies with the budget to hire expertise find it difficult to recruit security experts who really understand application security.
- Compliance Focus: Most organizations are driven first by compliance requirements rather than security. So the focus is only on applications that help achieve compliance while other applications are ignored. Applications assessed for security are tested in many cases only to get a checkbox for compliance - not necessarily for sufficient security.
- External Focus Only: One misconception when it comes to application security is that companies shouldn't worry about testing internal applications with no external interface. But think of insider threats. What if you have an internal human resources application with access to confidential employee information? If a less-than-ethical employee exploits a privilege, they can gain access to sensitive records, and your company becomes non-compliant with various standards.
Recommendations for Protecting Your Business
Despite these challenges, there are practical ways to protect your business. Here are a few recommendations to identify application vulnerabilities:
- Respect the Impact of Hacking: According to research by Forrester and the Ponemon Institute, the average cost per record in the case of a breach is at least $300. Most companies have thousands of records. And more than 75% of attacks occur through web applications.
- Outsource: You don't have to do everything yourself. Consider a managed service or a cloud service to help you secure your cloud, mobile and web applications quickly and affordably.
- Create a Process: You can cut your costs by creating a pyramid according to the value of all your apps. First identify and then test all your applications. Based on what you find, you can prioritize applications that need deeper penetration testing. This way, you'll cover all your applications without spending a fortune and taking too long. Automated solutions and a good process can help you get there quickly.
- Manage Your Risk: You will find hundreds of vulnerabilities within your applications, but you won't have time to fix them all. Take a risk management approach and prioritize these vulnerabilities based on a quantitative score. The ones with the highest score (i.e., most likely to be exploited) are the most sensitive and should be addressed right away. All others should be blocked with a web application firewall or other methodologies.
Raise Your Castle Walls to Thwart Attacks
Any breach can have a severely adverse impact on your bottom line. Cloud, mobile and web application vulnerabilities are low-hanging fruit for hackers - they would rather pick these than go after the hard stuff.
Hacking, unfortunately for the rest of us, has become a lucrative profession, and intruders will continue to attack to earn their living. Whether their motive is financial gain, espionage, hacktivism or perhaps something even more pernicious, hackers will continue to fire shots until they penetrate.
Although you can't fire back at the enemy and can't be 100% secure, you can certainly raise the walls of your castle. This puts you in a much better position to thwart their attempts.
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
Dec. 1, 2015 04:00 PM EST Reads: 499
Cloud computing is unquestionably one of the driving forces of DevOps, as the automation of operations transforms enterprise software development. DevOps, however, is more than a technology trend, as it represents a move toward silo-busting, self-organizing horizontal teams that drive business velocity. At the same time, enterprise Digital Transformation represents an upheaval across the enterprise, as customer preferences and behavior drive enterprise technology decisions. This transformation ...
Dec. 1, 2015 03:45 PM EST
One of the most important tenets of digital transformation is that it’s customer-driven. In fact, the only reason technology is involved at all is because today’s customers demand technology-based interactions with the companies they do business with. It’s no surprise, therefore, that we at Intellyx agree with Patrick Maes, CTO, ANZ Bank, when he said, “the fundamental element in digital transformation is extreme customer centricity.” So true – but note the insightful twist that Maes adde...
Dec. 1, 2015 03:00 PM EST Reads: 475
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
Dec. 1, 2015 03:00 PM EST Reads: 385
Most of the IoT Gateway scenarios involve collecting data from machines/processing and pushing data upstream to cloud for further analytics. The gateway hardware varies from Raspberry Pi to Industrial PCs. The document states the process of allowing deploying polyglot data pipelining software with the clear notion of supporting immutability. In his session at @ThingsExpo, Shashank Jain, a development architect for SAP Labs, discussed the objective, which is to automate the IoT deployment proces...
Dec. 1, 2015 03:00 PM EST Reads: 145
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, rich desktop and tuned mobile experiences can now be created with a single codebase – without compromising functionality, performance or usability. In his session at DevOps Su...
Dec. 1, 2015 02:45 PM EST Reads: 447
Dec. 1, 2015 02:30 PM EST Reads: 270
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningf...
Dec. 1, 2015 02:15 PM EST Reads: 451
SYS-CON Events announced today that Catchpoint, a global leader in monitoring, and testing the performance of online applications, has been named "Silver Sponsor" of DevOps Summit New York, which will take place on June 7-9, 2016 at the Javits Center in New York City. Catchpoint radically transforms the way businesses manage, monitor, and test the performance of online applications. Truly understand and improve user experience with clear visibility into complex, distributed online systems.Founde...
Dec. 1, 2015 12:15 PM EST
The annual holiday shopping season, which started on Thanksgiving weekend and runs through the end of December, is undoubtedly the most crucial time of the year for many eCommerce websites, with sales from this period having a dramatic effect on the year-end bottom line. Web performance – or, the overall speed and availability of a website or mobile site – is an issue year-round, but it takes on increased importance during the holidays. Ironically, it is at this time of year that networks and i...
Dec. 1, 2015 11:15 AM EST Reads: 166
Countless business models have spawned from the IaaS industry – resell Web hosting, blogs, public cloud, and on and on. With the overwhelming amount of tools available to us, it's sometimes easy to overlook that many of them are just new skins of resources we've had for a long time. In his general session at 17th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, an IBM Company, broke down what we have to work with, discussed the benefits and pitfalls and how we can best use them ...
Dec. 1, 2015 10:45 AM EST Reads: 136
DevOps is an organizational and cultural rethink of how software-driven organizations can become organizations at velocity – agile enough to innovate and fast enough to deal with any change that comes their way. Information technology is a central enabler of DevOps, but today’s better-faster-cheaper technology is not the whole story, as tools are only as good as the people wielding them. The more fundamental story here is the organizational and cultural transformation necessary to take full adv...
Dec. 1, 2015 10:00 AM EST Reads: 102
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
Dec. 1, 2015 10:00 AM EST Reads: 579
It's been a busy time for tech's ongoing infatuation with containers. Amazon just announced EC2 Container Registry to simply container management. The new Azure container service taps into Microsoft's partnership with Docker and Mesosphere. You know when there's a standard for containers on the table there's money on the table, too. Everyone is talking containers because they reduce a ton of development-related challenges and make it much easier to move across production and testing environm...
Dec. 1, 2015 10:00 AM EST Reads: 659
ThoughtWorks has issued the latest Technology Radar, an assessment of trends significantly impacting software development and business strategy. The Technology Radar sets out the current changes in software development - things in motion to pay attention to based upon ThoughtWorks' day-to-day work and experience solving their clients' toughest challenges. "With the threat landscape still evolving, our latest edition of Technology Radar continues to focus on security and innovative approaches,...
Dec. 1, 2015 09:45 AM EST
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem"...
Dec. 1, 2015 09:00 AM EST Reads: 485
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound...
Dec. 1, 2015 06:30 AM EST Reads: 515
As organizations shift towards IT-as-a-service models, the need for managing & protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection & E-Discovery of your data - whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise.
Dec. 1, 2015 06:00 AM EST Reads: 275
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNu...
Dec. 1, 2015 05:00 AM EST Reads: 362
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, San...
Dec. 1, 2015 05:00 AM EST Reads: 623