Virtualization Technology News and Information
Veracode 2019 Predictions: What to Expect in Cybersecurity in the Year Ahead

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual VMblog.com series exclusive.

Contributed by Maria Loughlin, VP of Engineering, Veracode

What to Expect in Cybersecurity in the Year Ahead

There is no question that the organizations prioritizing cybersecurity most effectively will be best positioned to grow and displace competitors.

With so many businesses powered by software and applications, companies need to understand that security starts at the code level. Simply discovering and disclosing security vulnerabilities isn't enough -- it's about fixing those vulnerabilities quickly and creating effective strategies to test frequently. The businesses that succeed in becoming more secure in 2019 and beyond will be those that forge a tighter relationship between security and development teams, working side by side to create code that is secure from the start and to prevent vulnerable applications from being compromised.

To prepare for this, there are particular aspects of cybersecurity that we would like to spotlight, as we believe these will be crucial to understand in the context of the ever-evolving threat landscape.

Open source risk

The open source ecosystem continues to explode, as does the number of vulnerabilities in the reusable code. Every organization needs to know what it is using so it can react quickly to new zero-day vulnerabilities. Organizations should resolve to go further in 2019 and get proactive about their use of open source.

Keep investing in automation

Many companies have been investing in automation for years - automation of testing, monitoring and metrics, CI/CD pipelines and infrastructure as code. Companies must resolve to double down on automation investment to enable even more efficiency and consistent quality.

Aim for continuous security

You've built security into your DevSecOps pipeline; now make it continuous. Building on your automation, transition to continuous security in your pipelines and dev processes. Train current team members to become security champions and make security part of the software development lifecycle. Leverage their voice to represent the security perspective in each phase of development. A nice side effect is that investing in training for your team is proven to improve retention - a happy developer who is growing their career will stay in your organization.

Cloud Security

Many organizations are realizing that there is hidden risk in their cloud environments. This is especially apparent when adoption of DevOps and cloud was driven bottom-up by shadow IT and developers. Their innovation and forward thinking may have led your organization to larger success. But, unintentionally, it may also have introduced risk due to lack of consistency and governance in early implementations. Review your existing cloud deployments for proper data encryption (at rest, in motion) with key management and key rotation. In addition, invest in evaluating your cloud security continuously using tools such as AWS Inspector and Dome9.

##

About the Author

 

As VP of Engineering, Maria manages the development teams for Veracode's cloud-based platform and Web Application Security products. Maria joined Veracode in 2012 with 20 years of technical and management experience in companies that include Fidelity Information Services, Memento, Kronos, Open Market and Digital Equipment Corporation. She is known for her high energy, optimism, and pragmatism, and has a passion for enabling innovation in her teams and partnering with business leaders.

Published Thursday, January 31, 2019 7:23 AM by David Marshall