Tag: Strategies
In part one, we laid out how we should react when our organization tells us they want to roll out a mobile app. Short answer: don’t say no, but instead ask lots of questions. After that, we built a threat model that includes the mobile-specific twists on traditional IT security problems. Using this model, we…
Read MoreWe’re finishing up our series on what to do when your organization tells you they want to roll out a mobile app. In part one, we asked lots of questions so we could do a thorough risk and requirements analysis. In part two, we used that information to define security requirements and ensure that we…
Read MoreIn many organizations, building and securing apps has typically been a siloed affair. The product owner, the network engineer, the developer and the security engineer all come from different teams. And all too often, these teams become fiefdoms that believe their focus is the company’s primary objective. Today with Agile and DevOps moving faster and…
Read MoreSecurity in the cloud has always followed a shared responsibility model. What the provider manages, the provider secures. What the customer deploys, the customer secures. Generally speaking, if you have no control over it in the cloud, then the onus of securing it is on the provider. Serverless, which is kind of like a SaaS-hosted…
Read MoreA vast majority of organisations have no visibility into encrypted traffic, nor do they have protection against automated attackers. In Mary Meeker’s most recent Internet Trends report, the numbers show that in the first quarter of 2019, 87 per cent of global web traffic was encrypted, up from 53 per cent just three years ago.…
Read MoreThe way we build, provision, maintain and secure apps continues to evolve. As agile development practices put pressure on operations, organizations move to DevOps where both functions are synchronized. This in turn puts pressure on the app security organization, and so we see more companies today adopting a DevSecOps model. At the same time, the…
Read MoreLooking at cloud breaches over the last few years, it’s easy to get the impression that most were easily avoidable events that occurred due to silly misconfigurations, ugly failure modes, or borderline negligent architectures. To put it bluntly, these cloud breaches look stupid. But the people and the organizations designing and running these systems—both the…
Read MoreApplications have become the infrastructure of the internet. They are in everything from phones to thermostats, cars to power grids. And for every digital transformation enabled by apps, the application itself is a primary target, along with the business logic it supports and all its underlying data. For one thing, an app isn’t just an…
Read MoreThe F5 2019 State of Application Services Report noted that more than half (53%) of respondents were more confident about protecting applications on premises than in the public cloud (38%). It is normal to be uneasy about cloud security. Security in the cloud is a double-edged sword: it can render traditional security measures impotent, but…
Read MoreWith the cloud, containers and microservices, we’re navigating an environment that includes clients, proxies, web servers, app servers, ingress controllers, containers, sidecars, and a range of microservices performing more and more specialized functions—a whole world purely intrinsic to applications. The complexity involved in the presentation of an app today rivals that of the internet itself…
Read More