STOCK TITAN

New Research From Legit Security and TechTarget's Enterprise Strategy Group Shows Outdated Application Security Approaches Do Not Work With Modern Development Trends

Legit Security and TechTarget's Enterprise Strategy Group (ESG) have released a report titled 'Modernizing Application Security to Scale for Cloud-native Development'. The study highlights the urgent need for organizations to modernize their application security practices to support growth and mitigate risks in cloud-native environments. Key findings include:

- 60% of organizations use Infrastructure as Code (IaC), but 67% report an increase in IaC misconfigurations.
- 45% of security teams struggle with managing risks related to generative AI usage.
- The majority of organizations experienced cybersecurity events in their cloud-native application stack in the past year.
- Only 39% of organizations report adequate security visibility for certain applications.

The report emphasizes the importance of adopting security solutions that protect the entire software factory while providing developers with necessary guardrails.

Positive

  • Publication of a comprehensive study on application security trends
  • Collaboration between Legit Security and TechTarget's Enterprise Strategy Group
  • Insights into modern development challenges and security needs

Negative

  • 67% of respondents report an increase in IaC misconfigurations
  • Majority of organizations experienced cybersecurity events in cloud-native applications
  • Only 39% of organizations have adequate security visibility for certain applications
  • 45% of security teams struggle with managing risks related to generative AI usage

Comprehensive study shows an urgent need for organizations to adopt a modernized approach to their application security processes

BOSTON, Aug. 16, 2024 /PRNewswire/ -- Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, and TechTarget's Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, today announced the publication of Modernizing Application Security to Scale for Cloud-native Development. The report delves into the development trends driving the need to modernize application security programs and evaluates pressing challenges that application security teams encounter with their current tools. The findings underscore the urgency for organizations to modernize their application security practices so that they can support growth and mitigate risks.

"Organizations are increasingly adopting new technologies so that they can bolster their software development, and as modern development has changed, so have attacker tactics," said Joe Nicastro, Field CTO, Legit Security. "Development teams are using cloud-native technologies to drive efficiency and optimize innovation, but this often leads to a larger attack surface due to misconfigurations, vulnerable plug-ins, and excessive permissions throughout the SDLC. In today's environment, organizations must adopt security solutions that can protect their software factory from end-to-end while providing developers with the guardrails they need to do their best work safely."

The report found that application teams face a number of challenges, such as keeping up with the speed and volume of releases and prioritizing remediation. These challenges highlight the importance of a modernized approach and alignment with development and DevOps teams for improved collaboration. Additionally, nearly all organizations reported difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.

The report's key findings include:

  • 60% of organizations use IaC to simplify infrastructure provisioning and easily deploy software applications. However, with increased IaC adoption, misconfigurations can be magnified because flaws are easily proliferated if not addressed. Of particular concern, 67% of respondents report an increase in IaC misconfigurations.
  • 45% of security teams supporting cloud-native development processes said understanding and managing risks related to usage of generative AI is their biggest challenge, followed by measuring and improving AppSec program effectiveness, and understanding developer environments and assets to effectively manage security.
  • The majority of organizations experienced a cybersecurity event involving their cloud-native application stack in the last 12 months, with secrets stolen from a source code repository (32%) coming in as the most common incident.
  • Only 39% of organizations report that their security teams have visibility for certain applications, reinforcing the necessity for visibility into security testing in development.

"Our research calls attention to how traditional application security teams need solutions that support modern development processes as they scale to drive productivity and business growth," said Melinda Marks, Practice Director, Cybersecurity, Enterprise Security Group. "The research showed that in addition to securing the applications, security teams need to address security related to how developers work, including secrets, pipeline tools, containers, and source code repositories. While these elements enable developers to work quickly and collaborate, the added attack surfaces and chance for mistakes become greater as development scales. By understanding and addressing these areas, organizations can improve their security programs. This is important as we have seen all too often that just one incident can have severe ramifications on the business, including data loss, business disruption, application downtime, customer data loss, malware, and compliance fines."

To download the report, visit http://info.legitsecurity.com/esg-modernizing-application-security-to-scale-for-cloud-native-development.

To read our latest blog and perspective on the report, visit https://www.legitsecurity.com/blog/esg-survey-report-finds-ai-secrets-and-misconfigurations-plague-appsec-teams

Methodology
TechTarget's Enterprise Strategy Group surveyed 350 IT, cybersecurity, and application development professionals in North America (US and Canada) responsible for evaluating, purchasing, and utilizing developer-focused security products (i.e., application/code security testing tools, software composition analysis, policy-setting tools, remediation tools, etc.). 

About Legit Security
Legit is a new way to manage your application security posture for security, product, and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the most challenging problems facing security teams, including GenAI usage, proliferation of secrets, and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the security program's success. This new approach means teams can control risk across the business – and prove it.

About ESG
Enterprise Strategy Group is an integrated technology analysis, research, and strategy firm providing market intelligence, actionable insight, and go-to-market content services to the global technology community. It is increasingly recognized as one of the world's leading analyst firms in helping technology vendors make strategic decisions across their go-to-market programs through factual, peer-based research. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the global leader in purchase intent-driven marketing and sales services focused on delivering business impact for enterprise technology companies.

Media Contact for Legit Security:
Michelle Yusupov
Hi-Touch PR
443-857-9468
yusupov@hi-touchpr.com

SOURCE Legit Security

FAQ

What are the key findings of the Legit Security and ESG report on application security?

The report found that 60% of organizations use IaC, 67% report increased IaC misconfigurations, 45% struggle with AI-related risks, and only 39% have adequate security visibility. It also revealed that most organizations experienced cybersecurity events in their cloud-native application stack in the past year.

How does the report suggest organizations should modernize their application security?

The report suggests organizations adopt security solutions that protect the entire software factory while providing developers with necessary guardrails. It emphasizes the need for visibility into security testing in development and addressing security related to how developers work, including secrets, pipeline tools, containers, and source code repositories.

What is the most common cybersecurity incident reported in cloud-native application stacks?

According to the report, the most common cybersecurity incident in cloud-native application stacks is secrets stolen from a source code repository, reported by 32% of organizations.

How many IT professionals were surveyed for the Legit Security and ESG report?

The report surveyed 350 IT, cybersecurity, and application development professionals in North America (US and Canada) responsible for evaluating, purchasing, and utilizing developer-focused security products.