It would be tough to exaggerate just how important application development has become for businesses of all kinds. From mobile consumer-facing apps to internal customer relationship management and content delivery tools, we've seen applications permeate the entirety of organizations' operations.
This trend hasn't reached its peak, either. If anything, application development will become more prevalent and more important as 2015 wears on. This will present major opportunities for any and all companies willing to fully embrace forward-thinking application development strategies – as long as security factors heavily into these plans. Most importantly, companies will need to utilize tools such as static analysis solutions that can provide high levels of reliability and accuracy while also improving developer productivity.
Unfortunately, we've seen a significant amount of evidence that suggests organizations' application developers are not currently striking the right balance between security and productivity.
Consider, for example, the recent 2015 State of Application Delivery survey from F5 Networks. This study, which included insight from more than 300 organizations in a diverse range of industries, found that application environments are "huge, and growing." One-fifth of respondents indicated they had deployed between 201 and 500 applications in their organizations, while 28 percent had developed and deployed between one and 200 applications. Fifty-six percent of participants believed that mobile apps will have strategic importance for their businesses in the next two to five years.
However, despite the growing role that applications are playing in these firms' business operations, only 30 percent of respondents indicated that they could not imagine deploying applications without security services. Availability services were seen as more critical, cited by 40 percent of participants.
This would seem to suggest that business leaders are underappreciating the importance of security when developing and implementing new applications. This misalignment of priorities puts companies at serious risk of experiencing a data breach or other security incident, especially considering the growing scope of application deployment throughout companies. Notably, without static analysis tools up and running, firms' developers can't hope to identify defects early in the lifecycle. This means that by the time the problem is identified, the application may be fairly far along, significantly increasing the cost of correcting the error. Even worse, the app may already have been deployed, putting the company at risk.
This is not to say that business leaders are unaware of the dangers that insufficiently secured applications can carry. In fact, these worries are very present, even if many organizations are not taking enough action to account for them.
A recent CA Technologies study of more than 1,400 business and IT leaders, for example, found that 28 percent considered security or compliance concerns to be major obstacles for broader DevOps efforts, making this the single most commonly cited problem. The report found that these professionals greatly appreciated DevOps strategies for the benefits they offer – most notably, greater software deployment frequency and superior collaboration, along with overall quality and performance improvements. Yet security risks hamper these efforts, forcing developers to choose between productivity and safety.
In many cases, though, this is really a false dichotomy, as long as organizations utilize high-quality software security tools. With static code analysis solutions and related technologies, developers can test their application software regularly and automatically, verifying its security and reliability without disrupting development operations as a whole. This way, developers can continue to focus their efforts on application features, rather than flaws, thereby improving productivity across the board and speeding up time to market while driving down compliance costs.