
How Do We Fix IT Security?

Statistics show that the lack of DevSecOps processes across the board results in higher numbers of vulnerabilities and, ultimately, hinders the UX/UI of your end product.

Tom Smith · Jun. 30, 17 · Security Zone · Opinion

Great presentation by Mo Rosen, GM of Security at CA Technologies, and Sam King, Chief Strategy Officer at Veracode, during CA’s Built to Change Summit.

Every company is a software company and every digital experience connects a user with an application. This creates an infinite expansion of threat vectors with compromised user access and breach vulnerabilities.

Every business outcome depends on a secure experience:

  • User identity defines brand experience: 83% of organizations say security is critical to the brand and a competitive differentiator.
  • Cyberattacks exploit users and applications:
    • 81% of hacking-related breaches leveraged stolen and/or weak passwords.
    • 90% of breaches exploit application defects.

Software security continues to be largely neglected:

  • Only 20% of developers are using the latest version of open-source libraries.
  • Only 36% of healthcare industry vulnerabilities are being fixed.
  • 97% of Java apps have at least one vulnerability.

As such, getting security right means securing applications and user interaction.

Security is not currently part of the QC process. Developers are not security experts. Humans cannot scan for security defects given the scale of applications. More than two-thirds of the time, security is compromised for faster time to market.

What’s the solution? Shift left: integrate security into the SDLC. Run security checks while the code is being written. Just as we have spell check when writing documents, we need security detection and correction when writing code. Integrate security into the SDLC so it’s easy and transparent.

Use real-time analytics and machine learning to balance security without hindering the user experience (UX). Provide baseline user privileges, then use anomaly detection and analytics to change the friction of the interaction based on what is known about the end user. The result is seamless interactions for valid end users, while hackers are stopped because they are unable to meet the greater security challenges.
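The friction adjustment described above, as an added example (not code from the presentation or from any CA or Veracode product): a per-user baseline is built from past logins, each new attempt gets a rarity-based anomaly score, and the score decides how much challenge the user sees. The feature set, weights, thresholds and all names are assumptions for illustration, and the login history is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    country: str
    device: str
    hour: int  # 0-23

# Constructed sample history of past successful logins (not real data).
HISTORY = [Login("alice", "US", "laptop-1", h) for h in (9, 10, 11, 9)]
HISTORY.append(Login("alice", "US", "phone-1", 18))

# Assumed weights and thresholds; a real deployment would tune these.
WEIGHTS = {"country": 0.5, "device": 0.3, "hour": 0.2}
STEP_UP_AT, DENY_AT = 0.3, 0.75

def build_baseline(history, user):
    """Count how often each attribute value appears in the user's history."""
    events = [e for e in history if e.user == user]
    return {"n": len(events),
            "country": Counter(e.country for e in events),
            "device": Counter(e.device for e in events),
            "hour": Counter(e.hour for e in events)}

def rarity(counter, value, n):
    """1.0 for a never-seen value, 0.0 for a value seen on every login."""
    return 1.0 - counter.get(value, 0) / n

def hour_rarity(counter, hour, n, window=2):
    """Rarity of the login hour, counting history within +/- window hours."""
    def dist(h):  # circular distance so 23:00 and 01:00 are 2 hours apart
        return min(abs(h - hour), 24 - abs(h - hour))
    return 1.0 - sum(c for h, c in counter.items() if dist(h) <= window) / n

def risk_score(baseline, attempt):
    n = baseline["n"]
    if n == 0:  # no baseline yet: ask for step-up rather than deny outright
        return STEP_UP_AT
    return round(WEIGHTS["country"] * rarity(baseline["country"], attempt.country, n)
                 + WEIGHTS["device"] * rarity(baseline["device"], attempt.device, n)
                 + WEIGHTS["hour"] * hour_rarity(baseline["hour"], attempt.hour, n), 3)

def friction(score):
    """Map the anomaly score to how much challenge the user sees."""
    if score >= DENY_AT:
        return "deny"
    return "step_up_mfa" if score >= STEP_UP_AT else "allow"
```

A login from the usual country, device and hour passes with no extra challenge, a new device alone triggers step-up authentication, and an attempt that differs on every attribute is refused.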
