Veracode, the application security company, has announced that research conducted by IDG reveals a growing gap in application security programmes at enterprises located in the UK and the US. The data shows that in 2015, enterprises will leave up to 70 percent of internally developed applications, such as online ecommerce or finance tools, at risk from common attacks such as SQL injections, which are used to gain stored database information such as the usernames and passwords of employees. Based on the average number of web and mobile applications produced by enterprises, the increase in the number of applications left unaudited for security will expand the attack surface at Global 2000 firms to 4.5 million.
Recent high-profile breaches at large-scale retail organisations have demonstrated that cyber-criminals are using a variety of techniques to penetrate enterprises. Because enterprises have effectively locked down their networks, web and mobile applications are now the path of least resistance. As enterprises continue to produce more applications, an inability to scale their current application security programmes means they typically audit the security of only business-critical applications. This leaves a significant number of web and mobile applications vulnerable, creating long-term security threats, because cyber-criminals take the easiest route into an IT infrastructure without regard for whether the application is business-critical or an infrequently used web application.
“In order to close this gap, enterprises need a new and more scalable approach to application security that allows organisations to mature their programmes with consistent enterprise-wide policies and metrics,” said Pejman Pourmousa, director of security programme management, Veracode. “Using a cloud-based service makes it possible for enterprises to keep pace with the speed of innovation without sacrificing security.”
Veracode’s cloud-based service offers an alternative to the legacy, on-premises approach. Because it is simpler and more scalable, the Veracode service will allow enterprises to close the growing application security gap, thereby reducing risk at their organisations.
The IDG study asked executives at large enterprises about their application security programmes and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.
For more information, visit www.veracode.com.
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster – without sacrificing security.
Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best-practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.
Recognised as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world’s top 100 brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.