Brought to you by:
Enterprise Strategy Group | Getting to the Bigger Truth™
By Melinda Marks, ESG Senior Analyst
SEPTEMBER 2022
Of all the production server workloads–including application containers–used by your organization, approximately what percentage is run on public cloud infrastructure services (i.e., IaaS) today? How do you expect this to change (if at all) over the next 24 months? (Percent of respondents)
Source: ESG, a division of TechTarget, Inc.
You indicated your organization detected at least one misconfigured cloud application or service in the last 12 months. What was the result of the misconfiguration(s)? (Percent of respondents, N=350, multiple responses accepted)
Source: ESG, a division of TechTarget, Inc.
Has your organization ever pushed code to production with known organic vulnerabilities? (Percent of respondents, N=378)
Source: ESG, a division of TechTarget, Inc.
Organizations need to find ways to scale their security teams to keep up with the rapid pace of modern software development. For them, it is a matter of time and resource use because of the importance of the applications they need to protect.
Invicti customers said that they can’t use methods that are too expensive or time-intensive; given those constraints, they would apply such methods only to business-critical applications.
With the move to the cloud to serve their customers, organizations need a cost-effective, easy-to-use solution that gives them protection and coverage for all of their applications, not just certain business-critical applications due to cost issues. Otherwise, simple coding mistakes can leave them vulnerable to attacks that could compromise company or customer data.
Invicti customers described how they are incorporating security into DevOps processes to catch and fix coding issues before they are deployed. By automating security testing at build time and setting policies, they can reduce their chance of releasing faulty code.
They are also monitoring at runtime to detect any security issues. With an integrated solution, they can deliver alerts directly to the developers within their workflows to shorten the feedback loops and reduce work across teams. The Invicti customers described the importance of not forcing developers to use separate security tools; the developers need to receive the notifications for bug fixes within their own tools so they can continue to work in their normal integrated development environments (IDEs) and workflows.
With accurate testing and monitoring in place, Invicti provides Proof-Based Scanning, reporting only vulnerabilities that need to be fixed, saving developers from wasting their time on false positives or issues that don’t matter.
Invicti customers also described how they are setting policies as guardrails that prevent developers from pushing code with misconfigurations. They described how Invicti helps ensure that their staff can work efficiently instead of getting bogged down in tedious, manual processes for setting up the policies or running testing tools.
Although scaling security for the speed of modern software development has its challenges, security teams strive to enable the secure use of cloud-native technologies that speed development to help drive better business results.
Invicti customers described how having the right security tools and processes in place drives a culture to support faster development instead of blocking it.
This helps to build a partnership with development so they can work together, as opposed to developers feeling like security might slow them down.
Invicti customers can run the tests upon code pushes, and they can also run scheduled scans to ensure that the applications are regularly tested. Information on any code issues is sent directly to developers within their CI/CD pipeline or ticketing system, providing them with the information needed to remediate their code so they can efficiently make the needed changes.
For the global vacation company, developers can fix security issues as they would fix any bug in their normal development workflows, without context switching. The Invicti customers said this is much more effective than what they were doing before, which was generating security testing results and giving developers lists of issues that they needed to go fix.
This ESG White Paper was commissioned by Invicti and is distributed under license from TechTarget, Inc.
All product names, logos, brands, and trademarks are the property of their respective owners. Information contained in this publication has been obtained by sources TechTarget, Inc. considers to be reliable but is not warranted by TechTarget, Inc. This publication may contain opinions of TechTarget, Inc., which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget, Inc.’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget, Inc. makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.
This publication is copyrighted by TechTarget, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.