Cloud-native applications require a security-first mindset


Joe Byrne, CTO Advisor, Cisco AppDynamics, discusses the growing cybersecurity challenges in modern application environments, particularly in Kubernetes, due to rapid development prioritising speed over security.

It’s no coincidence that as the shift to modern applications increases, so does the number of security incidents. A study from Red Hat found that the majority (93%) of businesses have experienced at least one security incident in their Kubernetes environments in the past 12 months.

For a third of these organisations (31%), the result has been financial or customer losses. Because many Kubernetes clusters are openly accessible and unprotected, organisations, in their quest to become ‘cloud-first’, are unintentionally also becoming increasingly vulnerable to security breaches that damage reputation and revenue.

The challenge is that the change has been rapid and, as a consequence, security teams simply don’t have the tools and insights they need to counter the new breed of threats. Wide adoption of modern applications is leading to a dramatic expansion in attack surfaces, and security professionals now have major visibility gaps across their application landscape, particularly within Kubernetes environments. The sprawling topology of applications means that, without specific tools, it’s almost impossible for them to understand where new threats are coming from.

This is exacerbated by the fact that security teams have no way to filter through the deluge of alerts, and without the ability to prioritise threats, it’s impossible to correctly determine which issues pose the greatest risk. Indeed, in a recent survey of global technologists, Cisco identified that the majority of technologists admitted that they often end up operating in ‘security limbo’ because they don’t know what to focus on and prioritise.

Organisations have been quick to embrace the shift to modern applications, but they must not stop short of addressing the security threats that these now introduce. For security teams, this means embracing new ways of working and implementing new security solutions.

Application security is being hampered by siloed teams and tools

In their efforts to cater to growing customer needs and demands and to stay ahead of the competition, many organisations have (understandably) prioritised speed over security within application development over recent years. However, the implications of this are now being felt across all industries, with IT teams reporting massive increases in security threats within their modern application environments.

The shortcoming is that the same organisation that recognises the competitive edge that modern applications can give them, fails to see how rapidly this advantage can be eroded when issues occur. Security is treated as an afterthought rather than an essential component and security teams operate in relative isolation from other IT teams responsible for developing and maintaining applications. Such fragmented structures and working practices mean ITOps and security teams really only collaborate when a potential issue is identified – very much after Pandora’s box has already been opened. Security teams are only brought in at the very end of the application development pipeline for fear that taking time to consider the security implications might slow down release velocity.

Because of this archaic approach, many security teams today have limited visibility into Kubernetes environments, making it challenging to identify and address vulnerabilities. This is further complicated by the fact that current security solutions work well in silos but not together. Consequently, technologists struggle to get a comprehensive view of their organisation’s security posture. Teams are being bombarded with alerts from across the application landscape but are finding it hard to cut through the noise to understand the risk level of security issues. As a result, technologists have no way of telling which security issues pose the greatest threat to their organisations and their customers and employees.

In the modern enterprise a perfect storm is quietly brewing – a constantly evolving and ever more threatening risk landscape, a shortage of skills and resources to manage security within cloud-native environments, a lack of visibility and insight to identify and understand vulnerabilities and an absence of a shared vision and goals within the IT department. There’s little wonder then that security professionals are feeling so concerned about a serious application security breach within their organisation.

Business risk observability, a modern approach for application security

Isolated tools and teams cannot effectively protect modern applications. In order to securely develop and deploy cloud applications, security teams need expanded visibility into cloud-native environments. They need to be able to correlate security issues across application entities (including business transactions, services, workload, pods and containers) to quickly isolate issues and rapidly apply fixes to reduce mean time to remediation.

Technologists need a comprehensive overview of their application security issues, as well as granular detail of where and how a vulnerability impacts critical areas of their application. Beyond this, they also need business context on their security findings, so that they can rapidly locate, assess and prioritise risk and remediate issues based on potential business impact.

Business risk observability is rapidly growing in popularity because it gives security teams the ability to bring together application performance data and business impact context with vulnerability detection and security intelligence. This means they can identify which business transactions pose the most severe risk to the business. Teams can generate a business risk score for all vulnerabilities, allowing them to prioritise the issues with the potential to do most damage to the business.

IT teams are increasingly recognising the need for a business lens on security findings. In our research, 93% of technologists stated that it’s now important to be able to contextualise security and to prioritise vulnerability fixes based on potential business impact.

With business risk observability, security teams are no longer left in isolation. Instead, they can come together with application and security teams around a single source of truth for all application availability, performance and security data. It paves the way for closer collaboration and a move towards a DevSecOps model in the IT department, with application security becoming a shared responsibility for all technologists. This also leads to security being prioritised at every point in the application lifecycle, which results in more secure applications and easier security management, before, during and after release.

As applications become more complex and business critical, attackers are sure to up the ante. In the era of zero-day threats, where vulnerabilities can stay undetected for weeks, months and even years, business risk observability enables security teams to adopt the joined-up, proactive and business-focused approach to application security which is now essential to mitigate risk.
