by Jim Cavanaugh
The accelerated pace of digitalisation today comes with added pressure to satisfy customers’ needs for user-friendly apps that keep them engaged and entranced. We’re now heavily reliant on apps to help us complete daily tasks – like ordering food, or flagging a taxi – in just a few clicks. This only became more apparent in 2020 as lockdowns saw us turn to our phones to ensure we kept physically distanced, yet connected to the outside world.
However, an unprecedented rise in malicious security threats puts forth a very real challenge for companies to deal with as they race to keep up with growing demand. Indeed, it’s perhaps no surprise that Southeast Asia saw a sharp rise in the number of security threats and cyber incidents last year. And according to a Kearney report, ASEAN countries need to spend between 0.35 and 0 .61 percent of their GDP—or $171 billion collectively—on cybersecurity in the period spanning 2017 to 2025, in order to address the scale of the issue.
Of course, a breach at the best of times causes mistrust. But when it comes to the apps we love and use all the time, there is an almost unspoken expectation that they have to be secure – and if they’re not, the sense of ‘betrayal’ is that much greater, and harder to come back from. Developing secure applications and delivering optimal user experiences are therefore vital for businesses to stay competitive.
The teams maintaining these top-notch user experiences are under immense stress as they not only walk the thin line between UX and security, but also the need to support greater IT capabilities as a whole. In the wake of the pandemic, according to a recent AppDynamics report, two thirds (64%) of responding technologists are now being asked to perform tasks and activities that are foreign to them.
The need for speed may also be resulting in important safety measures being left out – for example, overly relying on open source libraries to get the code together and not double checking whether there are any vulnerabilities in said code.
Against this backdrop of quick life cycles and increasing demands on IT, it’s time for a shift. Adopting a DevSecOps model is becoming increasingly important to ensure that security is baked into the very DNA of applications right from the outset (as opposed to being reserved to the end of production as a final quality assessment). But it requires a certain mindset in order to be effective and ensure things don’t still slip through the cracks. So what can teams do to ensure they achieve their overall business objectives while keeping an eye out for security breaches in waiting?
- Stakeholder alignment: IT teams are known for working in silos which can cause miscommunications and delays, especially when there’s a need to move fast. A DevSecOps model cuts down those silos to ensure everyone is working in sync as apps go through their various iterations.
- Security team as enablers: The full team’s opinions should be valued in the development of security practices and in the release cycles.
- Leverage the advancements in security tools: There is plenty of buzz surrounding a passwordless world – because passwords resets are expensive, and still pose problems for users. Using AI to analyse security threats instead is worth considering, though be mindful that hackers will also leverage AI to crack your algorithms.
- Be ready for anything: Every decision comes with risks and your team needs to be ready to face any problems that arise. Your customers will be assured that you have their best interests at heart if your team has an efficient way to identity and rectify issues.
- Security in the DNA: Traditionally, security measures have been ‘wrapped around’ apps – but in the modern application, which runs everywhere, that’s not enough to keep them safe. Security must be built into the application from the start. Ideally, it should be automated and flexible enough to keep up with the needs of dynamic applications. Companies should stay competitive by innovating, adopting cloud technology and evolving their security with it.
2020 came with tremendous challenges but also with many opportunities for application developers, UX designers and security teams to upgrade themselves and propel their careers forward. Everyone living in a digitalised world understands the frustrations and demands of digital services and applications. As users, we expect our applications to provide the best experiences with watertight security. Your customers deserve the same.
Jim Cavanaugh is an APJ President at AppDynamics, a Cisco company.
