Why Digital Transformation and Software Security Must Go Hand-in-Hand
- 21 May, 2020 12:40
Digital transformation is at its peak, with software being the backbone of the proliferation and adoption of all technologies. As software is embedded further into our day-to-day lives, security must be placed front-and-center.
We sat down with Raygan Flores, Country Manager for Australia and New Zealand at Checkmarx, to discuss the critical need for application and software security, the driving factors behind this need, and Checkmarx’s continued rise in the AppSec market in light of an already massive 2020, including noteworthy recognition from leading analyst firm Gartner.
Let’s talk about software security. Software is everywhere, more so than people seem to realise. How is the cybersecurity industry as a whole addressing this rapidly expanding landscape?
Raygan: Software is the foundation of modern business. If you take a step back and really look at things, you’ll notice that software is intertwined with nearly everything we interact with – our cars, our watches, even our smart appliances. Software has arguably had a larger impact on the world than any other technological innovation to date. However, it is a double-edged sword. With these benefits come security challenges.
Time and time again, we have seen examples of software full of exploitable vulnerabilities being released and subsequently abused by malicious actors. New software use cases are being rushed to market every day, further expanding the attack surface at an unprecedented pace. We also observe that traditional approaches of attempting to protect vulnerable software and applications from the outside-in are failing, and a better way of securing software from the inside-out is needed. We as an industry must get today’s organisations to a point where more-secure software is being released consistently.
What gaps are you seeing with software security when it comes to Australian organizations? How does this compare to other markets?
Raygan: Many organizations have gained maturity in their understanding of AppSec and DevSecOps, but the actual adoption of these models remains limited. There continues to be a gap between what is recognized as important and what is actually prioritized and executed upon.
The lack of enforcement on these policies and processes comes with great security risk, and the challenge of having multiple tools in the market adds further complexity to this issue rather than simplicity. These security gaps require a fundamental change in overall thinking. This is not unique to just our market; it’s a trend that exists worldwide.
So, what is needed to turn the tides?
Raygan: The way today’s organisations think about and approach software security in the context of new development methodologies like DevOps needs to change. In today’s modern software security era, in order to meet the demands from the continued explosion of new and emerging technologies, application security testing (AST) solutions are required that can help organizations deliver more secure software in a more efficient manner.
Checkmarx, which was recently recognized as a Leader in Gartner’s 2020 Magic Quadrant for Application Security Testing for the third straight year, takes a unique approach to AST. We help customers move to automated security scanning as part of the DevOps process so they can improve the security and quality of their software without slowing down development speeds. Tightly integrating SAST, IAST, SCA, and developer application security awareness and training into DevSecOps, we’re able to deliver the industry’s most comprehensive software security solution that addresses all stages of the software development lifecycle.
What’s on the horizon for Checkmarx?
Raygan: As we continue to advance our leadership position in the AST market, we’re committed to standing by and supporting all organisations as they navigate the complexities of modern digital transformation and uplifting the practice of developing more secure software across the industry. Now, more than ever, security must be top-of-mind for all organizations, software developers, and end users alike.