
Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Maria Loughlin, VP of Engineering, Veracode
What to Expect in Cybersecurity in the Year Ahead
There is no question that the organizations
prioritizing cybersecurity most effectively will be best positioned to grow and
displace competitors.
With so many businesses powered by software and
applications, companies need to understand that security starts at the code
level. Simply discovering and disclosing security vulnerabilities isn't enough
-- it's about fixing those vulnerabilities quickly and creating effective
strategies to test frequently. The businesses that succeed in becoming more
secure in 2019 and beyond will be those that forge a tighter relationship
between security teams and development teams working side-by-side to create
code that is secure from the start, to prevent vulnerable applications from
being compromised.
To prepare for this, there are particular aspects of
cybersecurity that we would like to spotlight, as we believe these will be
crucial to understand in the context of the ever-evolving threat landscape.
Open source risk
The Open Source ecosystem continues to explode, as does the
number of vulnerabilities in the reusable code. Every organization needs to
know what it is using so it can react quickly to new zero-day vulnerabilities.
Organizations should resolve to go further in 2019 and get proactive about use
of open source.
Keep investing in automation
Many companies have been investing in automation for years -
automation of testing, monitoring and metrics, CI/CD pipelines and
infrastructure as code. Companies must resolve to double-down on automation
investment to enable even more efficiency and quality consistency.
Aim for continuous security
You've built security into your DevSecOps pipeline, now make
it continuous. Related to automation, transition to continuous security in your
pipelines and dev processes. Train current team members to become security
champions and make security part of the software development lifecycle.
Leverage their voice to represent the security perspective in each phase of
development. A nice side effect is that investing in training for your team is
proven to improve retention - a happy developer who is growing their career
will stay in your organization.
Cloud Security
Many organizations are realizing that there is hidden risk
in their cloud environments. This is especially apparent when adoption of
DevOps and cloud was driven bottom-up by shadow IT and developers. Their
innovation and forward thinking may have led your organization to larger
success. But, unintentionally, it may also have introduced risk due to lack of
consistency and governance in early implementations. Review your existing cloud
deployments for proper data encryption (at rest, in motion) with key
management and key rotation. In addition, invest to evaluate your cloud
security continuously using tools such as AWS Inspector and Dome9.
##
About the Author
As VP of Engineering, Maria manages the development
teams for Veracode's cloud-based platform and Web Application Security
products. Maria joined Veracode in 2012 with 20 years of technical and
management experience in companies that include Fidelity Information Services,
Memento, Kronos, Open Market and Digital Equipment Corporation. She is known
for her high energy, optimism, and pragmatism, and has a passion for enabling
innovation in her teams and partnering with business leaders.