Security concepts for the future
In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Airlock looked at application and API security in the container environment. Here you can gain a brief insight into the interesting findings.
You have probably already heard of DevOps. DevOps is made up of the words “development” and IT “operations”. DevOps is intended to enable more effective and efficient collaboration in the dev, ops and quality assurance (QA) fields through the use of common incentives, processes and tools. DevOps aims to improve the quality of software, the speed of development and delivery as well as collaboration between team members.
But have you heard of DevSecOps? The short syllable “Sec” brings software security into the mix. This concept considers the entire software lifecycle from development to delivery and operation with an additional view to security aspects – security represents a key element at all stages. This allows good, secure software to be developed and operated quickly and in an agile manner. This should not be confused with SecDevOps, which is a further development of the DevSecOps concept and, as its name implies, puts security as the number one aspect in the development process.
The study presented here answers the question of how widely the DevSecOps concept is already in use in businesses. The fact alone that 64 percent of those surveyed said that upper IT management is directly involved in decision-making for DevSecOps measures and tools shows that this is a very business-relevant topic. At the same time, more than half of businesses complain about the severe shortage of DevSecOps professionals. This is unsurprising, but it highlights the dilemma that businesses have been facing for many years now: in all essential areas of IT security there is a lack of experts.
This development seems to be getting worse – and is happening at a rather inopportune moment. The study also shows that two thirds of businesses are using a large number of web apps and APIs, sometimes several hundred, that require protection. The security of these is a prime example of where the DevSecOps concept should be used – just like a general container-based Identity and Access Management system, although this has not yet seen widespread implementation. To ensure the best possible protection, it is possible either to use separate security solutions – one for web apps and one for APIs – or to cover both of these with a single solution. Which of these two routes businesses have decided on is often not known by the businesses themselves – a rather surprising finding that came from our survey.
As the author of the study writes:
Businesses in Germany must be made more aware of the importance of API management and API security, as well as linking this with web app security. This study is an initial step in this direction.
If you would like to learn more, you can find the results of the study for downloading here.