Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and its community of contributors have expanded their Top 10 security projects to include Mobile Apps, APIs, IoT, Serverless, Containers, Blockchain, etc. In fact, there are a large number of OWASP Projects currently underway. Comparably, Forrester recently released their report on The Top Security Technology Trends To Watch, 2020. Through the use of client queries, research projects, and industry perspectives, the Forrester report discusses trends that will likely disrupt S&R practices over the next three years. One trend in the report is particularly worthy of deeper consideration.
The COVID-19 pandemic is inescapably modifying working conditions, forcing unwanted budget cuts, altering the broad terrain of security technologies, and putting further emphasis on doing more with less. Few can dispute that automation of technologies and approaches across the entire IT security portfolio is now high on the list of initiatives designed to improve operational efficiency. Increased automation is needed more than ever before since it holds the promise of boosting productivity without increasing costs. In terms of application security, transformation derived from automation is badly needed, but what does automation mean overall?
The International Society of Automation defines it as “the creation and application of technology to monitor and control the production and delivery of products and services”. Although the non-profit association of engineers, technicians, and management personnel leans more towards industrial automation, its goal is to build a better world through the application of automation. This same concept can be applied elsewhere, for example, throughout the software development process. Since software is at the very root of many products and services delivered today, automating the security processes and technologies used during software development, which leads to more secure software, can have a tremendous impact on business outcomes.
As organizations adopt DevOps methodologies to increase software release frequency, automation of security technologies within the continuous integration, delivery, and deployment (CI/CD) toolchain is key to releasing more secure software—faster. Those moving towards DevSecOps acknowledge that security cannot become a point of contention that slows release frequency, but instead, should actually help increase it. And this is where Forrester makes their first observation.
In the Forrester report, the No. 1 security and risk technology trend highlights the need for application security tools to be integrated (automatically) with CI/CD pipelines to mitigate process gaps. In fact, the report states, “Organizations that can’t bridge the gaps will see delayed product releases or increases in the number of security issues in released products.” Simply put, if organizations cannot address security tool integration and automation within their software development processes, then it will likely lead to decreased revenue opportunities and increased operational risks.
Furthermore, the Forrester report highlights why the No. 1 trend will disrupt legacy S&R practices and what organizations should do to adjust to this trend, instead of suffering from it. More than ever before, our industry agrees that software development and security must be inseparable, and the tools, processes, technologies, and approaches used to develop software must take security automation into account. When application security testing solutions are integrated and automated during software development, they actually become a buttress to the process instead of a hindrance.
To learn more about Forrester’s No. 1 trend observation and recommendation, download the full report here.
You can also register for a live webinar taking place on September 10th with Forrester Research, Inc. Principal Analyst Sandy Carielli and Chris Merritt, Director of Professional Services at Checkmarx, where they’ll discuss:
- Why AppSec should be at the top of the priority list to implement or improve upon in 2020
- The fundamental steps organizations should take across people, processes, and technology
- Key questions to ask your AppSec vendors