Enterprise Software Security Strategies


Enterprise Software Security Strategies Summary Results October 2014

Program Overview

Between June and September 2014, Gatepoint Research invited IT and security executives to participate in a survey themed Enterprise Software Security Strategies. Candidates were invited via email, and 300 executives have participated to date. Management levels represented were predominantly senior decision makers: 22% held the title CxO or VP, 56% were Directors, and 22% were Managers or Analysts. Survey participants represent firms from a wide range of industries, including business, financial, and consumer services, education, healthcare, media, and manufacturing. 50% of the responding organizations are in the Fortune 1000. 18% had annual revenues between $500 million and $1.5 billion, 8% between $250 million and $500 million, and 21% less than $250 million. 100% of responders participated voluntarily; none were engaged using telemarketing.

Observations and Conclusions

Application-related security breaches are a primary concern for the surveyed IT and security executives: 68% report that they are very or critically concerned about security issues within their applications.

Risk is exacerbated by the deployment of externally developed software that can't be easily controlled: 63% use large commercial applications and develop custom components for those applications; 34% deploy a large number of apps that are developed by third parties; 23% say more than half of their code is developed externally. Additionally, a high number of organizations rely on outsourced development, including open source, with 47% saying more than a quarter of their applications are developed externally.

Despite these risks, outdated approaches to security persist: while 74% of responders report that they are doing some penetration testing (with a majority of that testing outsourced) to assess the security of their web applications, a majority of enterprises (66%) focus on perimeter defenses (firewalls, encryption, virus protection) but have not invested in software security.

Observations and Conclusions

Stakeholder buy-in is a major hurdle to software security: 48% cite it as a top challenge to achieving software security goals. Other challenges include understanding the full risk in the portfolio (42%) and keeping up with demand for deploying new apps (51%).

Confidence in software security is generally low: 52% admit to feeling not particularly upbeat or generally negative about the security of the software running in their business. When asked how they feel about the future of cyber attacks and hacking sophistication, 59% say every security professional needs to be on their game and 47% report that threats are expanding.

Despite the lack of confidence in the current security situation, senior management is waking up to the security of business software and applications as a serious issue: 50% say they are beginning to set clear objectives and goals for business software and applications.

How does your organization currently procure, build, and integrate software applications?
We use large commercial applications and develop custom components: 63%
We do a lot of custom in-house development: 61%
We deploy a large number of apps that are developed by third parties: 34%
We leverage open source: 25%
We develop apps externally: 14%

Surveyed organizations use a lot of customization to build and integrate software applications: 63% use large commercial applications and develop custom components; 61% do a lot of custom in-house development.

What percentage of apps are developed externally?
0 to 25%: 45%
25 to 50%: 24%
50 to 75%: 15%
75 to 100%: 9%
N/A: 7%

47% develop more than a quarter of their apps externally, and of those, 23% develop more than half of their apps externally.

An estimated 84% of all security breaches are application-related, not firewall violations. To what extent is your organization focused on addressing security issues in its applications? (Rate on a scale of 1-5: 1 = unconcerned, 5 = critically concerned.)
1 (Unconcerned): 2%
2: 5%
3: 22%
4: 30%
5 (Critically concerned): 39%
N/A: 2%
4 or 5 combined: 69%

69% report that they are very or critically concerned about security issues in their applications.

What are you doing to improve security at the application level?
Penetration testing: 74%
Focused on perimeter defenses (firewalls, encryption, virus protection, etc.): 67%
Periodic code reviews: 55%
Use a 3rd party auditor: 52%
Full-scale software security testing program in place: 37%
Investigating software security solutions: 35%

Percentage of penetration testing outsourced:
0 to 25%: 28%
25 to 50%: 13%
50 to 75%: 17%
75 to 100%: 30%
N/A: 12%

The top method for improving security at the app level is penetration testing (74%). 47% outsource more than half of their penetration testing.

Which software security products or solutions are you using to help protect the code of your custom-developed applications?
None: 39%
IBM AppScan: 20%
Other: 19%
HP Fortify SCA: 16%
HP WebInspect: 15%
Coverity: 5%
Don't know / can't say: 3%
Veracode: 2%

An astonishing 39% admit that their organization is not using any software security products or solutions to lock down custom code.

What are the top challenges you face in achieving your software security goals?
Keeping up with the business demands for deploying new applications: 51%
Getting various stakeholders to agree on software security goals and priorities: 48%
Getting our arms around the complete application portfolio and which applications present the highest risk to our business: 42%
Finding security testing products that are easy to use: 27%
Hiring and training qualified staff: 8%
Executive-level support: 5%

Stakeholder buy-in (48%), understanding the full risk in the portfolio (42%), and keeping up with demand for deploying new apps (51%) are the top challenges cited with regard to achieving software security goals.

In light of the challenges you've identified, how do you feel about the security of the software running your business? Rate on a scale of 1-5 (1 = I have no idea and I'm afraid to find out; 5 = I know with confidence which applications put us at risk because they lack the code to protect us against attacks.)
1 (No idea / afraid to find out): 2%
2: 10%
3: 41%
4: 35%
5 (Absolutely know which apps are risky because they don't have the right code to protect against attack): 11%
1, 2, or 3 combined (not particularly upbeat to generally negative): 52%

52% admit to feeling not particularly upbeat or generally negative about the security of the software running in their business.

What do you feel is the future of cyber attacks, hacking sophistication, etc.?
Cloudy future. Every security professional must be on their game: 59%
Dark. The threats are expanding and very, very clever: 47%
Hard to say. Seems we get good, they get good: 33%
The trend is fewer attacks, better defenses, smarter resources: 6%
The good guys will eventually win by outwitting the bad guys: 2%

IT security execs expect to see increased cyber attacks and expanding sophistication in hacking.

How does senior management regard application security?
We are beginning to set clear objectives and security goals for the software and applications that run our business: 50%
Headline-grabbing breaches in our industry have them alarmed: 37%
Recent incidents have gotten their attention: 34%
We are always fighting for funds to support application security: 22%
Not on the radar: 9%

Senior management is waking up to security as a serious issue: 50% say they are beginning to set clear objectives and goals for business software and applications.

Profile of Responders: Industry Sectors
Mfg - General: 8%
Wholesale Trade: 5%
Consumer Services: 5%
Retail Trade: 8%
Business Services: 25%
Healthcare: 11%
Financial Services: 26%
Mfg - High Tech: 12%

Responders come from a wide range of industries.

Profile of Responders: Revenue
>$1.5 billion: 48%
$500 million to $1.5 billion: 18%
$250 to $500 million: 8%
<$250 million: 21%

Responders represent companies from a wide range of revenue sizes.

Profile of Responders: Job Level
CxO/VP: 22%
Director: 56%
Manager/Analyst: 22%

Survey participants are senior IT and security staff and executives.

HP Fortify is an Application Security Testing solution that identifies and prioritizes security vulnerabilities in software so that issues are fixed and removed quickly, before they can be exploited for cybercrime. HP Fortify combines the most comprehensive static and dynamic testing technologies with security research from HP's global research team and can be deployed in-house or as a managed service to build a Software Security Assurance program that meets the evolving needs of today's IT organizations.