Retail Merchandiser Volume 63, Issue 2 | Page 32

3. Loss of control of sensitive customer data
IT teams are increasingly reporting that they are losing control of where data sits within their application portfolios, with application components running across multi-cloud environments and on-premises databases. This creates visibility gaps and increases the risk of a major security event, given the volumes of customer data which exist within many of these applications.
IT teams need runtime application self-protection (RASP), which provides visibility from inside apps so they can be secured wherever they reside and however they are deployed. Validating data requests directly inside the app helps to prevent vulnerabilities from being exploited and provides threat intelligence that identifies attacks down to the code level. Developers can have targeted insight into their application environments that allows them to respond to threats at scale, whether that’s in containers, on-premises, or in the cloud.

4. Challenges keeping pace with a rapidly changing application security landscape
Eighty-two percent of retail technologists admit that they find it difficult to keep up with emerging threats. Attack surfaces are growing exponentially due to rapid deployment of Internet of Things (IoT) and connected devices and adoption of microservice-based application architectures.
This is why it’s so important for retailers to partner with vendors who can provide real-time data and insights into new security threats within the industry. IT teams should be working with trusted partners to map these emerging threats against their own organization’s security posture to get back on the front foot.

5. Lack of integration between application development and security
Within IT departments in all industries, security is still too often perceived as an inhibitor of innovation and, as a result, security teams are often cut out of the application development process until the very end, for fear that it will slow down release velocity. Traditionally, DevOps and SecOps teams have operated in silos, often with little understanding or appreciation of one another’s role. Indeed, the research shows that ongoing collaboration between developers and security professionals takes place in only around a fifth of IT departments.
This is why a DevSecOps approach is now so important. This is where application security and compliance testing are