For manufacturers across the UK, there is growing concern about the vulnerability of applications to new (and increasingly sophisticated) cyber attacks.
Rapid cloud adoption, the shift to microservice-based application architectures and increased deployment of IoT devices over the past couple of years have led to a dramatic expansion in attack surfaces.
And now, as manufacturers race to reap the benefits of Industry 4.0 and the Industrial Internet of Things (IIoT), we will see even greater volumes of applications spread across multiple cloud environments. All of which will make monitoring security even more challenging for IT teams.
In the latest research from Cisco AppDynamics, The shift to a security approach for the full application stack, 71% of manufacturing technologists admit application security within their organisation hasn’t kept pace with release velocity over the past two years. And as a result, more than three-quarters feel their organisation is vulnerable to a multi-staged security attack that would affect the full application stack over the next 12 months.
Gregg Ostrowski, CTO Advisor, Cisco AppDynamics commented: “Arguably, the biggest reason for this heightened sense of risk is the lack of collaboration between development and security teams, which the research reveals is more prevalent within the manufacturing industry than any other sector. These teams continue to operate in silos, often with significant tension and suspicion between them. Tellingly, as many as 60% of technologists regard security as an inhibitor of innovation, and therefore developers often keep security colleagues at arm’s length until the very end of the development pipeline.”
This lack of collaboration increases the likelihood of security blind spots and makes it impossible for IT teams to balance the need for rapid development with faultless application performance and robust security.
To address this issue, and protect against a crippling security attack, manufacturers urgently need to adopt a robust security approach for the full application stack, integrating security into the application life cycle from the very earliest stages of development, and providing technologists with the tools they need to manage escalating threats.
Currently, only 17% of IT departments in the manufacturing industry feature ongoing collaboration between ITOps and security teams. This figure is lower than in any other sector. In many organisations, security is completely overlooked during the development phase and only brought in when a security issue is detected – often when it is already too late to prevent service disruption.
Ostrowski continued: “There is now a growing awareness of the implications of this siloed approach, in terms of increased vulnerabilities to threats, poor reaction times to incidents and damage to overall digital experience for customers and employees.
“This explains why IT departments are shifting to a DevSecOps approach, where application security and compliance testing are integrated throughout the software development life cycle, rather than being an afterthought at the end of the development pipeline.”
DevSecOps makes security a shared responsibility for all technologists and incentives developers to identify and prioritise security issues at every step, resulting in more secure products and better security management, before, during and after release.
But this shift to a more collaborative approach requires technologists to alter their mindsets, embracing a more open and transparent way of working, and recognising and appreciating the contribution of other disciplines. The research also exposes a need for technologists from all disciplines to broaden their skill sets. This means ITOps teams becoming more knowledgeable about security, and security professionals developing a deeper understanding of application development.
Automation and AI are vital to enable DevSecOps and manage dynamic IT environments
As well as a strategic and cultural shift to built-in security, DevSecOps also requires IT departments to move from a security approach to the full application stack, where IT teams have full and unified visibility across all IT environments. This provides complete protection for their applications, from development through to production, across code, containers and Kubernetes. IT teams need to integrate performance and security monitoring to understand how vulnerabilities and incidents could impact end users and the business.
Encouragingly, 79% of manufacturing technologists report that implementing a security approach to the full application stack is now a priority for their organization, more than in any other sector.
However, such is the volume of security alerts coming from across their sprawling IT environments, technologists still need a way to cut through the data noise to identify and analyze vulnerabilities before they become issues which affect end user experience. And this is where automation and AI now have a crucial role to play.
Robust automation strengthens security postures, identifying threats and resolving them without the intervention of technologists. Automation reduces human error, increases efficiency, and improves agility in development.
Crucially, automation helps to contextualize security, correlating risk in relation to other key areas such as the application, user and business. This means that IT teams can finally prioritize those threats that could really harm a critical area of the environment or application.
As cybercriminals ramp up their use of AI, it’s vital that enterprise security teams keep pace. AIOps extend human capabilities in a range of application security tasks, including monitoring, assessing, and resolving issues—freeing up teams to focus on higher-value issues and enabling them to collaborate more effectively and strategically throughout the development lifecycle.
With the right tools and insights, technologists in the manufacturing sector will soon recognize the enormous benefits of greater collaboration within the IT department. Not only will the shift to DevSecOps put an end to the constant firefighting that characterizes current approaches to application security, easing the pressure on IT teams and mitigating against ever evolving threats; it will also provide all technologists with an opportunity to make new connections, learn new skills and become more rounded professionals.
