By Joe Byrne, CTO Advisor, Cisco Observability
The shift to modern, distributed applications has led to a dramatic increase in attack surfaces, with organisations increasingly vulnerable to revenue and reputation-impacting security risks. According to Red Hat, 93% of businesses have experienced at least one security incident in their Kubernetes environments in the past 12 months – and 31% have experienced financial or customer loss as a result.
Growing adoption of cloud-native application development is allowing organisations to innovate at greater speeds and instill agility into their operations, but it is also exponentially raising complexity for application and security teams. In a recent Cisco study, 92% of global technologists admitted that the rush to rapidly innovate and respond to the changing needs of customers has come at the expense of robust application security during software development.
As a result, many organisations are now struggling to cope with an explosion of security incidents within their modern applications, as bad actors look to exploit vulnerabilities within Kubernetes environments with ever more varied and sophisticated attacks.
Application security is now a business-critical imperative
IT teams need to act quickly and decisively in order to protect their customer data and the reputation of their organisations. And this means ensuring they have the tools, insights and working practices to bring together applications and security teams to securely develop and deploy modern applications. Crucially, businesses need to apply business context to their security findings so that teams can rapidly locate, assess and prioritise risk, and then remediate issues based on potential business impact.
Applications are now the front door for almost every business across every industry, and market leadership and commercial success are driven by the ability of organisations to deliver ever more intuitive and seamless digital experiences to their customers.
It follows, therefore, that brand trust and loyalty are now built upon application security and performance. However, with the shift to cloud-native technologies, vulnerabilities can occur anytime and anywhere, making it incredibly difficult and time-consuming for application teams and security teams to assess risks and prioritise actions.
Organisations need clear visibility of each new security risk with real-time vulnerability analytics. But
with so many new and constantly changing threats within Kubernetes environments, traditional
vulnerability scanning solutions simply don’t provide adequate information.
The need for business risk observability
Security teams have to be able to quickly assess risks based on potential business impact, align teams and triage threats. And in order to do this they need to rapidly understand where vulnerabilities exist across application entities – business transactions, services, workload, pods and containers – so that they can quickly isolate them. They then need to assess the severity of these risks, the likelihood that they will be exploited and the risk to the business of each issue.
This type of business risk observability is essential for technologists to understand and prioritise risks. By combining application performance data and business impact context with vulnerability detection and security intelligence, IT teams can prioritise security issues with a business risk score, which allows them to easily identify which business transactions present the greatest risk to the business. For instance, they can assess the sensitivity of customer data associated with a particular business transaction or calculate the potential loss of revenue.
By prioritizing security issues with business context, organisations can improve key metrics such as mean time to detect (MTTD) and mean time to remediation (MTTR). Rather than being stuck on the back foot, scrambling to identify and fix the most pressing issues, IT teams can work together and take a more strategic approach, based on real-time business transaction data.
Encouragingly, technologists are recognising the need for change – 93% state that it’s now important to be able to contextualise security so that they can correlate risk about other key areas such as the application, user and business, and to prioritise vulnerability fixes based on potential impact.
Crucially, business risk observability helps organisations to bring their applications and security teams together around a single source of truth for all application availability, performance, and security data. In the era of zero-day threats, where vulnerabilities can remain unknown for long periods, all teams need to work cross-functionally on secure deployments of modern applications.
Business risk observability provides a platform for IT departments to shift to an integrated DevSecOps approach. Teams are able to collaborate far more effectively and embed security into the application lifecycle from the outset, with development teams adhering to the organisation’s most critical security priorities. With Gartner predicting that 95% of new digital workloads will be deployed on cloud-native platforms by 2025, Kubernetes within modern application environments will become an increasingly attractive target for bad actors to exploit vulnerabilities over the coming years. And for IT leaders, this represents a significant new threat that they simply haven’t had to consider before. Applications security must become a major priority for IT departments in all sectors.
Business risk observability allows organisations to manage this explosion in threats and develop and deploy cloud native applications securely. In doing so, they can continue to accelerate their digital transformation programs on a sustainable basis and ensure that their applications are delivering maximum value to customers and the business.