Recent large-scale breaches at retail organizations have demonstrated that cyber-criminals are using a variety of techniques to penetrate enterprises. Because enterprises have effectively locked down their networks, web and mobile applications are now the path of least resistance. As enterprises continue to produce more applications in order to drive their businesses, their inability to scale current application security programs means only business-critical applications are audited for security. This leaves a significant number of web and mobile applications vulnerable, creating long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application is business-critical or a little-used web site.
“In order to close this gap, enterprises need a new and more scalable approach to application security that allows organizations to mature their programs with consistent enterprise-wide policies and metrics,” said Pejman Pourmousa, director of security program management, Veracode. “Using an automated cloud-based service makes it possible for enterprises to keep pace with the speed of innovation without sacrificing security.”
Veracode’s cloud-based service offers an alternative to legacy, on-premises approaches. Because it is simpler and more scalable, the Veracode service will allow enterprises to close the growing application security gap, reducing risk at their organizations.
The IDG study asked executives at large enterprises about their application security programs and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.