I attended the Gartner Security Summit held in Maryland, USA on June 17th, a four-day event with about 3,500 attendees and about 200 vendor exhibits. Yes, that's right! That's how active and competitive the security space is.
Apart from attending the Gartner analyst sessions, I also networked with a few CISOs and security folks over the lunches and breakfasts. Here are a few application security trends and recommendations that I heard during my time at the summit:
- Open source and third-party components are becoming ubiquitous in enterprise builds. Enterprises are therefore exposed to increased open source software security risk, because a vulnerability in a component they did not write is still a vulnerability in the application they ship.
- SCA (software composition analysis) has come off the peak of the "hype" cycle and is becoming a reality. Gartner's Zaira Pirzada recommends application security solutions that provide SCA as a feature.
- Understand that there is often a trade-off between the speed and the depth of analysis provided by application security testing tools. Weigh this trade-off when making your pick.
- Increasingly, developers are playing an important role in deciding on application security solutions.
- The Gartner Magic Quadrant for application security is a good place to start when selecting application security tools and filtering out the noise. Niche players in the quadrant like CAST offer capabilities like application health metrics in addition to application security.
- False positives and lack of coverage continue to be the main challenges for application security tools. Machine learning is increasingly seen as a way to close this gap.
- Shifting security left, that is, building code with security in from the start, is gaining attention and interest. Enterprises are still not fully aware of the software quality and coding standards and practices promoted by organizations like CISQ.
- Most enterprises also do not know how to enforce engineering adherence to coding standards and best practices for building secure code. This is a challenge, and more education and training is needed.
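The open source risk and SCA points above are easier to grasp with a concrete check. The following is an added example, not code from the original post or from any vendor mentioned in it: a minimal software composition analysis pass that reads a pinned dependency manifest, compares each pinned version against an advisory feed, and reports every component that sits below the fixed version. The manifest, the advisory list and the advisory identifiers are all constructed placeholders for the example, not real advisories.

```python
"""Minimal software composition analysis (SCA) check over a pinned manifest.

Added example: parses a requirements.txt-style manifest and matches each
pin against a small advisory feed. All data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed sample manifest (requirements.txt style), not from a real project.
MANIFEST = """\
# pinned application dependencies
requests==2.19.0
pyyaml==5.4
flask==2.2.5
"""

# Constructed advisory feed: (package, first fixed version, placeholder advisory id).
# The ids are placeholders, not real CVE or GHSA identifiers.
ADVISORIES: List[Tuple[str, str, str]] = [
    ("requests", "2.20.0", "ADV-PLACEHOLDER-001"),
    ("pyyaml", "5.4", "ADV-PLACEHOLDER-002"),   # already fixed in the pinned version
    ("django", "3.2.1", "ADV-PLACEHOLDER-003"),  # not used by this manifest at all
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a tuple so Python compares it numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_manifest(text: str) -> Dict[str, str]:
    """Return {package: version}; refuse unpinned lines, since SCA needs exact versions."""
    pins: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency: {line}")
        pins[name.strip().lower()] = version.strip()
    return pins


@dataclass
class Finding:
    package: str
    installed: str
    fixed_in: str
    advisory: str


def scan(manifest_text: str, advisories: Sequence[Tuple[str, str, str]]) -> List[Finding]:
    """Report every pinned package whose version is older than the advisory's fix."""
    pins = parse_manifest(manifest_text)
    findings: List[Finding] = []
    for package, fixed_in, advisory in advisories:
        installed = pins.get(package.lower())
        if installed is None:
            continue  # component not in this build, advisory does not apply
        if parse_version(installed) < parse_version(fixed_in):
            findings.append(Finding(package, installed, fixed_in, advisory))
    return findings


if __name__ == "__main__":
    for f in scan(MANIFEST, ADVISORIES):
        print(f"{f.package}=={f.installed} is below fix {f.fixed_in} ({f.advisory})")
```

Against the constructed data only `requests` is reported: `pyyaml` is pinned at exactly the fixed version, and `django` is not part of the build. In a real pipeline the advisory feed would come from a vulnerability database and the manifest from a lockfile, but the matching logic, exact pins compared numerically against a fixed-in boundary, is the core of what an SCA feature does.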
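The last two points above describe a gap without saying how adherence to coding standards can be enforced. One common answer is an automated gate that runs in CI or as a pre-commit hook and fails the build when code violates a house rule. The following is an added example, not from the original post or from CISQ: a small Python checker built on the standard library's `ast` module that flags three hypothetical house rules (no `eval`/`exec`, no `subprocess` call with `shell=True`, no `yaml.load` without an explicit `Loader`). The rules and the sample source it scans are constructed for the example.

```python
"""Coding-standard gate: flag a few insecure Python call patterns using ast.

Added example. The three rules are a hypothetical house policy, not a
published standard, and SAMPLE below is constructed input.
"""
import ast
import sys
from typing import List, Tuple

BANNED_CALLS = {"eval", "exec"}  # hypothetical rule: no dynamic code evaluation

Violation = Tuple[str, int, str]  # (filename, line number, message)


def _call_name(node: ast.Call) -> str:
    """Return the dotted name being called, e.g. 'subprocess.run' or 'eval'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def check_source(source: str, filename: str = "<memory>") -> List[Violation]:
    """Parse one module and return every rule violation, ordered by line."""
    violations: List[Violation] = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        shell = kwargs.get("shell")
        if name in BANNED_CALLS:
            violations.append((filename, node.lineno, f"call to {name}()"))
        elif name.startswith("subprocess.") and isinstance(shell, ast.Constant) and shell.value is True:
            violations.append((filename, node.lineno, f"{name} with shell=True"))
        elif name == "yaml.load" and "Loader" not in kwargs:
            violations.append((filename, node.lineno, "yaml.load without explicit Loader"))
    violations.sort(key=lambda v: v[1])
    return violations


# Constructed sample input; lines 3, 4 and 6 break the rules, line 5 is compliant.
SAMPLE = '''\
import subprocess, yaml
def run(cmd, doc):
    subprocess.run(cmd, shell=True)
    cfg = yaml.load(doc)
    safe = yaml.load(doc, Loader=yaml.SafeLoader)
    return eval("1+1")
'''


def main(paths: List[str]) -> int:
    """CI entry point: print violations and return a non-zero status if any exist."""
    found: List[Violation] = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            found.extend(check_source(fh.read(), path))
    for filename, line, message in found:
        print(f"{filename}:{line}: {message}")
    return 1 if found else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for v in check_source(SAMPLE, "sample.py"):
        print(f"{v[0]}:{v[1]}: {v[2]}")
```

Run with file paths as arguments the script exits non-zero whenever a violation exists, which is all a CI job or pre-commit hook needs to block the merge; the developer sees the file, line and rule rather than a vague policy document. Because the check works on the syntax tree rather than on text, a commented-out `eval` or a string containing the word does not trigger it, which keeps the false-positive rate that the summit attendees complained about low for these particular rules.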