Cue the Aladdin theme song. When it comes to secure application development, it’s a whole new world.
Our own Mike D. Kail recently sat down with the folks from CyberWire to discuss this topic, specifically development’s evolution from “old world” to “new world.” You can check out the podcast here. In today’s blog, we explore this new world concept and the challenges it poses for CIOs.
The traditional approach to securing code, applications, and networks has relied on creating a well-defined security perimeter around a company’s IT assets and then assuming that this “walled garden” is sufficient to provide continuous protection.
However, this legacy model is no longer adequate given today’s need for digital transformation, which is driven by cloud migration, DevOps adoption, agile development and container orchestration platforms. The network perimeter has dissolved and is giving way to an application-defined perimeter. We have moved from a static world to an elastic, ephemeral one.
Another emerging theme is the “Rise of the Developer” and, in some cases, not just developers. Coding is no longer isolated within development teams. We see analysts on Wall Street who pull down Docker images from Docker Hub and download third-party and open source libraries from anywhere, without any safeguards in place to determine whether they have any potential vulnerabilities or are even the latest version.
As a result, organizations’ risk posture changes constantly based on what development is doing. Security professionals and CIOs are left struggling with a lack of visibility as they are unable to accurately assess exposure and risk on a continuous basis to keep pace with the increasing velocity of the development organization.
At CYBRIC, we provide confidence, visibility and assurance to CIOs and security professionals as they adapt to the new, elastic world of development and the dynamic cybersecurity landscape.