Security concepts for the future

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Airlock looked at application and API security in the container environment. Here you can gain a brief insight into the interesting findings.

 

Read the complete study

You have probably already heard of DevOps. DevOps is made up of the words “development” and IT “operations”. DevOps is intended to enable more effective and efficient collaboration in the dev, ops and quality assurance (QS) fields through the use of common incentives, processes and tools. DevOps aims to improve the quality of software, the speed of development and delivery as well as collaboration between team members.

 

But have you heard of DevSecOps? The short syllable “Sec” brings software security into the mix. This concept considers the entire software lifecycle from development to delivery and operation with an additional view to security aspects – security represents a key element at all stages. This allows good, secure software to be developed and operated quickly and in a agile manner. This should not be confused with SecDevOps, which is a further development of the DevSecOps concept and, as its name implies, puts security as the number one aspect in the development process.

 

An answer to the question as to how widely the DevSecOps concept is already in use in businesses is provided by the study presented here. The fact alone that 64 percent of those surveyed said that upper IT management is directly involved in decision-making for DevSecOps measures and tools shows that this is a very business-relevant topic. At the same time, more than half of businesses complain about the severe shortage of DevSecOps professionals. This is unsurprising, but it highlights the dilemma that businesses have been facing for many years now: In all essential areas of IT security there is a lack of experts.

This development seems to be getting worse – and is happening at a rather inopportune moment. The study also shows that two thirds of businesses are using a large number, sometimes several hundred, web apps and APIs that require protection. The security of these is a prime example of where the DevSecOps concept should be used – just like a general container-based Identity and Access Management system, albeit this is something that has not yet seen widespread implementation. To ensure the best possible protection, it is possible to use either separate security solutions – one for web apps and one for APIs – or to cover both of these with a single solution. Which of these two routes businesses have decided on is often not known by the businesses themselves – a rather surprising finding that came from our survey.

As the author of the study writes:

Businesses in Germany must be made more aware of the importance of API management and API security, as well as linking this with web app security. This study is an initial step in this direction.

If you would like to learn more, you can find the results of the study for downloading here.

Read the complete study

 

Blognews directly in your mailbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Comments 0

Write comment

Comments closed

Information for you

-Our whitepapers-

Visit us at it-sa!

From 8 to 10 October you can visit us at the it-sa, the largest IT security event in Europe. Learn the latest news about application security, API security, access management and cloud security. In our congress on 9 October you can learn in many further lectures how you should turn your IT security from a spoilsport to an accelerator of your digitization projects.

Register now and get a free ticket

Study Application and API Security 2022

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Ergon Airlock looked at application and API security in the container environment.

Request study

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge