Inadequate tools leave AppSec fighting an uphill battle for cloud security

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security.
Far and wide, enterprises are victims of this costly 'defensive tax': the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.
Given the accelerated pace of digital innovation across enterprises of all sizes and the blurred lines between AppSec and CloudSec, enterprise AppSec teams are saddled with solutions that have not caught up to the cloud pace.
Almost all organizations are seeing a widespread impact from the lack of cloud-native AppSec tools, including growing friction between AppSec and dev teams, a jeopardized ability to generate revenue, and an inability to retain high-value dev talent and AppSec talent. 94% of respondents cited multiple issues with today's AppSec technologies; the top complaints were the considerable amount of time spent prioritizing findings and that existing AppSec tools are noisy.
The report emphasizes the urgent need for a new AppSec paradigm that maps a clear path to a modern standard for cloud-native AppSec success, characterized by end-to-end visualization of all microservices, automatic identification and prioritization of real risks, and intelligent triaging and remediation.
"These outdated AppSec methodologies hamper productivity, innovation and talent retention for both AppSec and dev teams. The cloud-native application development paradigm calls for a new, unified approach to application security that will make the friction between development and AppSec teams a thing of the past, enable enterprises to retain valuable talent, and accelerate innovation and growth," added Man.
News URL
https://www.helpnetsecurity.com/2023/05/19/outdated-appsec-methodologies/