Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
AppSec Earns Its Spot as Essential IT Investment Priority in 2022
By Dennis Hurst, founder and president of Saltworks
If 2021 was the year DevOps finally got into the "integrating security" game and started weaving a security mindset into software development, 2022 is poised to deliver the total infusion of DevSecOps as enterprise development standards continue to evolve right alongside digital transformation initiatives within organizations.
Progressive CSOs and CTOs know that if a team isn't able to properly manage DevSecOps and view AppDev as a comprehensive cycle from design to production to retirement, many of the value-driving aspects of enterprise IT will be lost. In the year ahead, the rest of the C-suite will be holding them all accountable for how well security is integrated into the mix, how it demonstrates return on investment (such as the impact of reducing the cost per bug factor to the smallest ratio), and how adherence to AppSec requirements aligns with performance and productivity (of products and human resources).
Saltworks customers and partners consistently say that the ability to measure both the security and maturity of applications from a security perspective will also be the C-Suite's responsibility. And, given evolving privacy laws, executives face tremendous pressure to drive the requirement for real-time KPIs around application security.
Where AppSec has an immediate, visible impact
The State of DevOps Report from Puppet (2021) found that many organizations in the middle stages of a DevOps evolution have plateaued. When you're "in the weeds" of the "shift left," it can be challenging to stay on track.
While smaller, more nimble teams have been able to pivot faster toward DevSecOps excellence than complex large-scale development groups, consistency, commitment and collaboration around a security-focused ideology can make or break an AppDev shop (regardless of size or geolocation). This will be especially true given the continued proliferation of open source and varying development environments. Migrating to a hybrid, cloud-based or other scenario requires AppDev teams to concentrate even more on security as part of the effort to incorporate controls from ideation to launch to reduce downtime, increase scalability and accelerate time to market.
The landscape will continuously evolve for AppSec, demanding that AppDev keep pace so DevSecOps truly becomes a de facto standard. Application Security as a concept is so effective that it will broaden into other areas, too. As apps are delivered as containers and more of the aspects that traditionally were "operational security" become part of the container, the role of AppSec will expand. Containerization makes the move to cloud, hybrid and other environments faster, easier and safer. It also improves software delivery speed, platform independence, resource utilization and process reliability to allow for quick adjustments to new business expectations and ongoing market demand.
Couple all of that with a renewed focus on data security and it's no wonder AppSec is leading the charge for enterprise software teams to minimize application vulnerabilities. AppDev teams that increase security data integration and centralized dashboarding for better enterprise AppSec management are sure to have a competitive advantage in 2022 and beyond.
ABOUT THE AUTHOR
Dennis Hurst, founder and president of Saltworks, has been at the forefront of application security and software development for more than 30 years. Extensive managerial experience across all aspects of the software development lifecycle – DevOps, testing, QA, product strategy, IT operations, etc. – has made Hurst a trusted advisor of application security programs for Fortune 500 companies across every industry.
As a founding member of the Cloud Security Alliance, Hurst co-authored the first two versions of its Application Security guidelines and is an advocate for the Open Web Application Security Project. A sought-after industry speaker, he provides best practice and industry insight to the media, research and analyst communities. Hurst remains committed to partnering with organizations to build world-class application security programs that support the rapid pace of enterprise software development.