Application security continues to be a major focus for organizations of all types, but pressure to stick to tight release cycles and compete by quickly rolling out new application features may be trumping security concerns, according to a recent study. The Trustwave 2014 Security Pressures Report found that more than three quarters of IT executives reported being pressured to roll out a cloud or mobile application even if it did not have adequate security. As companies look to balance software security demands and accelerate release schedules, they may benefit from tools that help build more security precautions into their development process.
According to the study, executives feel more pressure in general to improve the security of their organizations, with more than half saying the past year saw an increase in that pressure and nearly six out of 10 saying they expected even more of an emphasis to be placed on security in the year ahead. Sixty-four percent of respondents said they were most concerned about protecting against malware and advanced persistent threats, while 58 percent expressed fears about customer data theft.
Despite this emphasis, IT executives consistently reported being pushed to roll out cloud and mobile applications before they had been fully secured: 16 percent of respondents said this happened frequently, 63 percent said it happened once or twice per year, and 79 percent said it had happened to them at least once.
Getting it right
One area in which software security has suffered recently is the implementation of encryption, Hewlett-Packard CTO Jacob West told eWEEK. According to his company's recent 2013 Cyber Risk report, nearly half of mobile applications do not use encryption properly. More broadly, 80 percent of applications overall are misconfigured in some way, according to the same report. West attributed these shortcomings to the fact that most developers are not trained as security experts and to the constant pressure to deploy quickly.
Yet while the software world is increasingly moving toward methodologies that encourage faster release cycles, executives can fight some of the pressures surrounding software security by using automated tools like static analysis software to perform routine checks on new code. By institutionalizing procedures meant to strengthen the security of applications as they are built, executives may be able to give themselves a leg up on the top-down pressures pushing them to release applications they feel are not yet ready.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.