DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. How Do We Fix IT Security?

How Do We Fix IT Security?

Statistics show the lack of DevSecOps processes across the board result in higher numbers of vulnerabilities and, ultimately, hinders the UX/UI of your end-product.

Tom Smith user avatar by
Tom Smith
CORE ·
Jun. 30, 17 · Opinion
Like (0)
Save
Tweet
Share
2.21K Views

Join the DZone community and get the full member experience.

Join For Free

Great presentation by Mo Rosen, GM of Security at CA Technologies and Sam King, Chief Strategy Officer at Veracode during CA’s Built to Change Summit.

Every company is a software company and every digital experience connects a user with an application. This creates an infinite expansion of threat vectors with compromised user access and breach vulnerabilities.

Every business outcome depends on a secure experience:

  • User identity defines brand experience: 83% of organizations say security is critical to the brand and a competitive differentiator.
  • Cyberattacks exploit users and applications:
    • 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
    • 90% of breaches exploit application defects.

Software security continues to be largely neglected:

  • Only 20% of developers are using the latest version of open-source libraries.
  • Only 36% of healthcare industry vulnerabilities are being fixed.
  • 97% of Java apps have at least one vulnerability.

As such, getting security right means securing applications and user interaction.

Security is not currently part of the QC process. Developers are not security experts. Humans cannot scan for security defects given the scale of applications. More than two-thirds of the time, security is compromised for faster time to market.

What’s the solution? Shift left, integrate security into the SDLC. Detect security checks while the code is written. Just like we have spell check when writing documents, we need to be using security detection correction when writing code. Integrate security into the SDLC so it’s easy and transparent.

Use real-time analytics and machine learning to balance security without hindering the user experience (UX). Provide baseline user privileges and then use anomaly detection and analytics to change the friction of the interaction based on the knowledge of the end user. This will result in seamless interactions for valid end-users and will result in hackers being stopped as they are unable to meet greater security challenges.

security IT

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • PostgreSQL: Bulk Loading Data With Node.js and Sequelize
  • Three SQL Keywords in QuestDB for Finding Missing Data
  • Best Practices for Writing Clean and Maintainable Code
  • How to Create a Real-Time Scalable Streaming App Using Apache NiFi, Apache Pulsar, and Apache Flink SQL
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: