IT teams: Managing security threats within modern applications
This article is authored by Joe Byrne, CTO advisor, Cisco AppDynamics.
Across all sectors, Information Technology (IT) teams are ramping up their use of cloud-native technologies to increase application release velocity. Applications are now the front door for almost all businesses, and brands need to deliver ever more seamless and intuitive digital experiences in order to succeed.
However, the shift to modern, distributed applications is leaving many organisations vulnerable to security breaches. Attack surfaces are expanding dramatically as application entities are spread across microservice-based architectures, leaving technologists with visibility gaps within their Kubernetes environments (Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management). IT teams are recognising the limitations of siloed vulnerability scanning solutions as monitoring security throughout the development operations (DevOps) pipeline becomes increasingly challenging.
Indeed, a recent study found that the security of containers and Kubernetes has become a top concern for DevOps, engineering and security professionals. And worryingly, Aqua Security recently reported that Kubernetes clusters associated with more than 350 organisations, open-source projects and individuals are openly accessible and unprotected - and more than half of these have already been the target of an active crypto-mining campaign.
What we’re seeing now is a massive explosion of security events within Kubernetes environments. Bad actors are identifying vulnerabilities and looking to exploit them with ever more frequent and sophisticated attacks. In fact, as many as 93% of businesses have experienced at least one security incident in their Kubernetes environments in the last 12 months — and 31% have experienced financial or customer loss as a result.
Evidently, organisations need to take urgent action to get to grips with this heightened risk and ensure they don’t suffer a security breach that damages reputation and revenue. IT teams need to be able to rapidly locate, assess and prioritise risk and remediate security issues based on potential business impact. And this means new tools, processes and ways of working within the IT department.
In particular, organisations should be focusing on three key priorities to ensure secure development and deployments of modern applications:
1. Correlate security issues across application entities to quickly isolate them - IT teams need to be able to correlate security issues across application entities (including business transactions, services, workloads, pods and containers) to quickly isolate issues and rapidly apply fixes to reduce mean time to remediation.
Technologists need a solution which provides expanded visibility into cloud native environments. This means getting both a comprehensive overview of their application security issues and granular detail of where and how a vulnerability impacts critical areas of their application. IT teams should also be looking for a solution which allows them to group and filter vulnerabilities based on entities to view a prioritised list of vulnerabilities that affect a core area.
2. Prioritise issues through business context and business risk scoring - IT teams are being bombarded with massive volumes of alerts from across their modern application environments and therefore it can be incredibly difficult to know which issues pose the biggest threat to customers and the business.
This is why it’s essential for IT teams to get business context on their security findings in order to prioritise risk and remediate issues based on potential business impact. They need to be able to immediately analyse the importance of a business transaction and understand the sensitivity of data associated with it.
A business risk score, combining application and business impact context with vulnerability detection and security intelligence, can help IT teams understand the potential impact of each vulnerability and the criticality of each threat.
3. Remediation guidance to accelerate responses - Finally, IT teams need to look for a solution which provides prioritised and real-time remediation guidance for runtime container vulnerabilities.
Within modern, dynamic environments, a Common Vulnerability Scoring System (CVSS) score is not enough to prioritise vulnerabilities because it is static and measures neither risk nor how predictable exploitation is. IT teams should also be looking for vulnerability context and intelligence, so they can accelerate mitigation of security issues.
This type of business risk observability is now vital to bring applications and security teams together and embed security into the application lifecycle from day one. Rather than being stuck on the back foot, constantly in firefighting mode, IT teams can take a more collaborative and strategic approach to the secure development and deployment of cloud native applications.
Over the next two years, we will see a major shift towards business risk observability, with organisations bringing together application data and security intelligence to take a more strategic approach to application security. Indeed, recent Cisco research found that 93% of technologists believe that it’s now important to be able to contextualise security and to prioritise vulnerability fixes based on potential business impact.
Organisations in all industries need to act now to provide their IT teams with the right tools and insights to counter the soaring levels of risk they’re encountering within their modern applications. With expanded visibility and intelligent business risk insights across cloud native environments, IT teams can prioritise and respond in real-time to potentially damaging security threats and reduce overall organisational risk profiles. And crucially, this means that they can keep their digital transformation programmes on track and deliver the seamless digital experiences that customers now demand.