Inadequate tools leave AppSec fighting an uphill battle for cloud security

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security.
Far and wide, enterprises are victims of this costly 'defensive tax': the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.
Given the accelerated pace of digital innovation across enterprises of all sizes and the blurred lines between AppSec and CloudSec, enterprise AppSec teams are saddled with solutions that have not caught up to the cloud pace.
Almost all organizations are seeing a widespread impact from the lack of cloud-native AppSec tools, including growing friction between AppSec and dev teams, a jeopardized ability to generate revenue, and an inability to retain high-value dev talent and AppSec talent. 94% of respondents cited multiple issues with today's AppSec technologies; the top complaints were the considerable amount of time spent prioritizing findings and that existing AppSec tools are noisy.
The report emphasizes the urgent need for a new AppSec paradigm that maps a clear path to a modern standard for cloud-native AppSec success, characterized by end-to-end visualization of all microservices, automatic identification and prioritization of real risks, and intelligent triaging and remediation.
"These outdated AppSec methodologies hamper productivity, innovation and talent retention for both AppSec and dev teams. The cloud-native application development paradigm calls for a new, unified approach to application security that will make the friction between development and AppSec teams a thing of the past, enable enterprises to retain valuable talent, and accelerate innovation and growth," added Man.
News URL
https://www.helpnetsecurity.com/2023/05/19/outdated-appsec-methodologies/