STOCK TITAN

New Research From Legit Security and TechTarget's Enterprise Strategy Group Shows Outdated Application Security Approaches Do Not Work With Modern Development Trends

Legit Security and TechTarget's Enterprise Strategy Group (ESG) have released a report titled 'Modernizing Application Security to Scale for Cloud-native Development'. The study highlights the urgent need for organizations to modernize their application security practices to support growth and mitigate risks in cloud-native environments. Key findings include:

- 60% of organizations use Infrastructure as Code (IaC), but 67% report an increase in IaC misconfigurations.
- 45% of security teams struggle with managing risks related to generative AI usage.
- The majority of organizations experienced cybersecurity events in their cloud-native application stack in the past year.
- Only 39% of organizations report adequate security visibility for certain applications.

The report emphasizes the importance of adopting security solutions that protect the entire software factory while providing developers with necessary guardrails.

Positive
  • Publication of a comprehensive study on application security trends
  • Collaboration between Legit Security and TechTarget's Enterprise Strategy Group
  • Insights into modern development challenges and security needs
Negative
  • 67% of respondents report an increase in IaC misconfigurations
  • Majority of organizations experienced cybersecurity events in cloud-native applications
  • Only 39% of organizations have adequate security visibility for certain applications
  • 45% of security teams struggle with managing risks related to generative AI usage

Comprehensive study shows an urgent need for organizations to adopt a modernized approach to their application security processes

BOSTON, Aug. 16, 2024 /PRNewswire/ -- Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, and TechTarget's Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, today announced the publication of Modernizing Application Security to Scale for Cloud-native Development. The report delves into the development trends driving the need to modernize application security programs and evaluates pressing challenges that application security teams encounter with their current tools. The findings underscore the urgency for organizations to modernize their application security practices so that they can support growth and mitigate risks.

"Organizations are increasingly adopting new technologies so that they can bolster their software development, and as modern development has changed, so have attacker tactics," said Joe Nicastro, Field CTO, Legit Security. "Development teams are using cloud-native technologies to drive efficiency and optimize innovation, but this often leads to a larger attack surface due to misconfigurations, vulnerable plug-ins, and excessive permissions throughout the SDLC. In today's environment, organizations must adopt security solutions that can protect their software factory from end-to-end while providing developers with the guardrails they need to do their best work safely."

The report found that application teams face a number of challenges, such as keeping up with the speed and volume of releases and prioritizing remediation. These challenges highlight the importance of a modernized approach and alignment with development and DevOps teams for improved collaboration. Additionally, nearly all organizations reported difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.

The report's key findings include:

  • 60% of organizations use IaC to simplify infrastructure provisioning and easily deploy software applications. However, with increased IaC adoption, misconfigurations can be magnified because flaws are easily proliferated if not addressed. Of particular concern, 67% of respondents report an increase in IaC misconfigurations.
  • 45% of security teams supporting cloud-native development processes said understanding and managing risks related to usage of generative AI is their biggest challenge, followed by measuring and improving AppSec program effectiveness, and understanding developer environments and assets to effectively manage security.
  • The majority of organizations experienced a cybersecurity event involving their cloud-native application stack in the last 12 months, with secrets stolen from a source code repository (32%) coming in as the most common incident.
  • Only 39% of organizations report that their security teams have visibility for certain applications, reinforcing the necessity for visibility into security testing in development.

"Our research calls attention to how traditional application security teams need solutions that support modern development processes as they scale to drive productivity and business growth," said Melinda Marks, Practice Director, Cybersecurity, Enterprise Security Group. "The research showed that in addition to securing the applications, security teams need to address security related to how developers work, including secrets, pipeline tools, containers, and source code repositories. While these elements enable developers to work quickly and collaborate, the added attack surfaces and chance for mistakes become greater as development scales. By understanding and addressing these areas, organizations can improve their security programs. This is important as we have seen all too often that just one incident can have severe ramifications on the business, including data loss, business disruption, application downtime, customer data loss, malware, and compliance fines."

To download the report, visit http://info.legitsecurity.com/esg-modernizing-application-security-to-scale-for-cloud-native-development.

To read our latest blog and perspective on the report, visit https://www.legitsecurity.com/blog/esg-survey-report-finds-ai-secrets-and-misconfigurations-plague-appsec-teams

Methodology
TechTarget's Enterprise Strategy Group surveyed 350 IT, cybersecurity, and application development professionals in North America (US and Canada) responsible for evaluating, purchasing, and utilizing developer-focused security products (i.e., application/code security testing tools, software composition analysis, policy-setting tools, remediation tools, etc.). 

About Legit Security
Legit is a new way to manage your application security posture for security, product, and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the most challenging problems facing security teams, including GenAI usage, proliferation of secrets, and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the security program's success. This new approach means teams can control risk across the business – and prove it.

About ESG
Enterprise Strategy Group is an integrated technology analysis, research, and strategy firm providing market intelligence, actionable insight, and go-to-market content services to the global technology community. It is increasingly recognized as one of the world's leading analyst firms in helping technology vendors make strategic decisions across their go-to-market programs through factual, peer-based research. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the global leader in purchase intent-driven marketing and sales services focused on delivering business impact for enterprise technology companies.

Media Contact for Legit Security:
Michelle Yusupov
Hi-Touch PR
443-857-9468
yusupov@hi-touchpr.com

SOURCE Legit Security

FAQ

What are the key findings of the Legit Security and ESG report on application security?

The report found that 60% of organizations use IaC, 67% report increased IaC misconfigurations, 45% struggle with AI-related risks, and only 39% have adequate security visibility. It also revealed that most organizations experienced cybersecurity events in their cloud-native application stack in the past year.

How does the report suggest organizations should modernize their application security?

The report suggests organizations adopt security solutions that protect the entire software factory while providing developers with necessary guardrails. It emphasizes the need for visibility into security testing in development and addressing security related to how developers work, including secrets, pipeline tools, containers, and source code repositories.

What is the most common cybersecurity incident reported in cloud-native application stacks?

According to the report, the most common cybersecurity incident in cloud-native application stacks is secrets stolen from a source code repository, reported by 32% of organizations.

How many IT professionals were surveyed for the Legit Security and ESG report?

The report surveyed 350 IT, cybersecurity, and application development professionals in North America (US and Canada) responsible for evaluating, purchasing, and utilizing developer-focused security products.
