Home Insights Opinion Application-first cybersecurity: what it is and why it matters The complexity brought about by the new cloud-based environments means customer data can be stored across many different locations or legal jurisdictions by Gregg Ostrowski October 4, 2021 As cybersecurity month is here, and we are all urged to #BeCyberSmart, we should subject our threat postures to review. The pandemic has thrown into sharp relief the need for cybersecurity best practices, and the shift in behaviours towards the digital — applications and connected services — calls for a re-examination of how we share and protect data. The AppDynamics App Attention Index 2021 report – “Who takes the rap for the app?” – a deep dive into consumer habits and attitudes towards applications and digital services has revealed a greater reliance than ever on always-on, responsive digital experiences. This year’s index reveals the number of applications regularly used by the average consumer to have increased by 30 per cent during 2020. We see a lot of digital newcomers among this increase, because of the pandemic, forced into using applications to buy household essentials, seek medical advice, try something new and keep in touch with friends and family. Of course, bad actors saw this increased digitisation as an opportunity, across the region and around the world. Last June alone, the UAE’s Telecommunications and Digital Government Regulatory Authority (TDRA) responded to around 100,000 incidents, from phishing to malware. That is an average of more than two incidents every minute. And Saudi Arabia saw some 7 million attacks in the first two months of 2021, most of which were attempts to compromise the remote-access protocols used by those learning and working from the assumed safety of their own homes. The expectations game But we cannot turn back the clock. Neophytes and digital natives alike have been charmed by the undeniable innovation of lockdown-era digital experiences. Across the region, innovation followed innovation, leading to expectations among consumers of yet more innovation. Application performance and availability are now prime concerns of business stakeholders. Our research found a consistent preference for a total application experience, that delivers performance and reliability as standard. Security is assumed and personalisation is demanded. So, to add value for consumers, those in charge of applications cannot allow security — necessary though it may be — to compromise the end-user experience. But they also need to ensure that security is robust enough to protect app users. Some 62 per cent of respondents in the survey considered security critical to their overall experience, which made security on average the most important element of the experience to consumers. This is an interesting finding when we consider the surge in digital engagement that we have seen in the past 18 months. Consumers, it would seem, are demanding the best of all worlds and do not see security as something on which to compromise. Some 90 per cent of consumers expect security as standard. Application-first security Application-first threat postures may be counterintuitive to security teams, but just as a cyber-incident can decimate a business, so can the lack of consumer engagement that lackluster experiences will cause. IT and cybersecurity teams must work together to overcome this challenge. The IT sprawl that resulted from hasty migrations to cloud environments has brought with it complexity and heightened workloads for technology teams. Both IT and security functions need to collaborate on the design, implementation, and deployment of fresh digital experiences while protecting the mounting volumes of sensitive consumer data they collect. The complexity brought about by these new cloud-based environments means customer data can be stored across many different locations or legal jurisdictions. This can have implications for regulatory obligations, especially as they pertain to data residency restrictions. Meanwhile, malicious parties are designing new threats and taking advantage of new approach vectors at a time when security and IT teams are trying to manage cloud-native microservices, while making sense of which elements of their applications suite are running on-prem, and which are in this cloud or that cloud. It is time to return to the drawing board. Security now needs to be an integral part of the application development lifecycle, rather than an afterthought. We need to let it be the driving force of projects so that we can find ways of ensuring it does not compromise the experience in terms of latency, useability, or any other element that consumers prize. Security teams staying in tune with latest advancements in security will also be able to introduce them in the development cycle ensuring they can help with solutions that increase the user experience. Agile response But comprehensive security in distributed, multi-cloud environments cannot rely on perimeter-monitoring solutions that wait for traffic to come to them. Such set-ups are challenging for the teams that oversee applications and security. They can take up to 280 days to detect and mitigate an incursion if they do not have access to the right telemetry. With the appropriate approach, technologists can protect applications from the inside out. The application-first strategy identifies vulnerabilities and threats within applications while they are in production, allowing their real-time protection in a live environment. Teams can then correlate security and operations data to form a priority list of issues to be addressed. Of course, to deliver this application-first methodology, developers and security professionals need the right tools. These tools will allow platform-independent integration of security capabilities into the runtime stack to protect the application’s wider environment while delivering the all-important “total application experience” that we know end-users now expect. The relationship between cybersecurity and end-user convenience has always been fraught. But now that consumers are telling us plainly that they expect both, we must find a way to deliver. Fortunately, if we manage to build an application-first culture within our workflows, the benefits will be increased customer engagement, brand loyalty, and commercial longevity. Gregg Ostrowski is the executive CTO at AppDynamics Read: UAE consumers claim brands have one shot to impress them Tags AppDynamics application security cybersecurity 0 Comments You might also like Cover story: How regtech tools can help UAE-based entities enhance compliance and security Interview: Positive Technologies maps cybersecurity trends in MENA Illumio’s Trevor Dearing explains the critical need for a Zero Trust Approach in times of AI Cybersecurity: Evolving threats for enterprise ecosystems