Taking an application-first cyber security approach

The pandemic climate has highlighted the need for cyber security best practices, while the increased use of applications and digital services across daily life, has forced a re-examination of data sharing and protection. 

The AppDynamics report – App Attention Index 2021: Who takes the rap for the app? – takes a deep dive into consumer habits and attitudes towards applications and digital services and has revealed a greater reliance than ever on always-on, responsive digital experiences.

The latest index shows a 30 per cent increase in the number of applications regularly used by the average person.

Digital newcomers have bolstered this figure, with many – in lieu of face-to-face alternatives – using applications to stay connected with friends and family, access medical advice, purchase essential goods and explore new hobbies. 

The rise in malicious players who have sought to exploit increased digitisation across the region is an upward trend. As organisations are faced with increasing challenges to their business and IT operations, all organisations should consider their security threat postures.

Antoine Le Tard, global vice-president for APJC at Cisco AppDynamics discusses the need for an application-first cyber security approach. 

VIEW ALL

The expectations game

The huge increase in usage of digital services, combined with the seismic improvements that many brands have made to their online offerings during the pandemic, has meant that millions of consumers have suddenly been exposed to the very best applications, across a whole range of sectors.

They’ve been wowed by the most intuitive and personalised digital services and enjoyed the massive benefits these applications have delivered to them. 

People had their eyes opened to how digital services can perform in 2021 and, unsurprisingly, they now expect this same level of quality each time they use an application.

Consumers are now seeking the “total application experience” – a high-performing, reliable, digital service, which is simple, secure, helpful and fun to use. And they want these applications to be personalised with their preferences and add real value to their lives. 

This poses a significant challenge for IT teams; how do they ensure that the end-user experience does not come at the expense of robust security?

Some 76 per cent of Australians consider it to be the brand’s responsibility to ensure that the digital service or application works perfectly, irrespective of where an issue may have occurred or who is at fault, according to the App Attention Index 2021. In addition, 92 per cent say that their expectation of brands to keep their data secure has increased since 2020. Consumers, it would seem, are demanding the best of all worlds and do not see security as something which can be compromised. 

Application-first security

Teams across IT and cyber security must collaborate to ensure that user experience and security can exist side-by-side.

Both functions need to work together on innovating the design, implementation and deployment of new digital experiences while prioritising the protection of mounting volumes of sensitive consumer data. 

A key challenge is that much of this data now resides in new cloud-based environments. Customer data can be stored across various locations and legal jurisdictions, leading to complexities around regulatory obligations and data residency restrictions.

Security and IT teams are simultaneously managing cloud-native microservices and making sense of which elements of their applications suite are on-premises, or across numerous cloud locations. 

At the same time, malicious actors are designing new threats to take advantage of new approach vectors. 

It’s clear security now needs to be an integral aspect of the application development lifecycle, rather than an afterthought.

Approaching security as a driving force of projects encourages finding ways of ensuring it does not compromise the application experience in terms of latency, useability, or any additional elements that consumers prize. Security teams – up to date with latest security advancements – will also be vital during the development cycle to help create solutions that increase the user experience.

Also known as DevSecOps, this application-led approach to security helps create applications that are as secure as they are agile. 

Meaning that insights are continually monitored and analysed, so cyber security will be more intelligent and “baked in” at every stage. It is essential for IT teams to instill a DevSecOps culture to embed security inside the application from the start.

Agile response

However, comprehensive security in today's distributed, multi-cloud environments cannot rely on perimeter-monitoring solutions that wait for and react to traffic. Such systems present challenges for teams overseeing applications and security.

Rather than taking up to 280 days to detect and respond to incursions, technologists can use an application-first strategy to protect applications from the inside out. 

Having access to the right telemetry allows security teams to identify vulnerabilities and threats within applications as early as their production, allowing real-time protection in a live environment. From this, teams can then correlate security and operations data to prioritise issues.

To do this, developers and security professionals need the right tools. These tools will allow integration of security capabilities into the runtime stack, to protect the applications’ wider environment while delivering the “total application experience” we know end-users now expect. 

While integrating cyber security and end-user convenience has often been fraught, customers are now demanding both.

Fortunately, organisations can achieve this, not to mention increased engagement, brand loyalty and commercial longevity, by moving towards an application-first security approach. 

Antoine Le Tard is the global vice-president for APJC at Cisco AppDynamics.