Public sector IT teams must adopt a new approach to app security

As public sector organisations have ramped up their digital transformation programs to meet rapidly evolving citizen needs and enable hybrid work during the pandemic, application release velocity has skyrocketed. But application security has largely failed to keep pace, and, for many organisations, this is now presenting a major problem.

In the latest research from Cisco AppDynamics, "The shift to a security approach for the full application stack", 90% of public sector technologists admit that the rush to rapidly innovate and respond to the changing needs of end users has come at the expense of robust application security during software development.

Technologists are struggling to manage soaring volumes of emerging cyber threats across an increasingly dynamic and fragmented IT environment. And this is making public sector agencies ever more vulnerable to potentially catastrophic cybersecurity attacks.

In response, government technologists urgently need to integrate security into every stage of the application lifecycle. DevSecOps, where development and security teams work hand-in-hand, enables developers to embed robust security into every line of code, resulting in more secure applications and easier security management before, during and after release.

Worryingly though, the research suggests that public sector IT departments are falling behind in the transition to DevSecOps, compared with other industries. Government technologists express concern that their organisations don’t have the right skills and tools in place to manage new security threats.

It’s therefore critical that technologists act now to address this escalating issue, adopting a security approach for the full application stack.


Application security vulnerabilities exposed by siloed approach

Within most organisations, security teams (SecOps) have traditionally operated separately from the rest of the IT department. Security has often been perceived as a reactive function, brought in to resolve security breaches and patch up vulnerabilities. Indeed, 61% of public sector technologists regard security as an inhibitor, rather than an enabler, of innovation, more than their counterparts in any other industry.

But the shortcomings of this siloed approach are being dramatically exposed as the speed of application development accelerates. In particular, wholesale adoption of cloud-native applications and architectures, with application components increasingly running on a mix of platforms and on-premise databases, is leading to a significant expansion of attack surfaces. This is leaving major visibility gaps for IT teams, with current security solutions unable to provide a comprehensive view of their organisation’s security posture.

Technologists are being bombarded with security alerts from across the application stack, and they can’t cut through the data noise to understand the risk level of security issues and prioritise remediation based on end-user impact. In fact, more than half of public sector technologists admit that they are overwhelmed by the volume of security threats and vulnerabilities to their organisation; they simply haven’t got enough time and resources to manage a constantly changing and ever more complex application security landscape. The result is that many IT teams are ending up in ‘security limbo’, doing nothing because they simply don’t know what to focus on and prioritise.


Public sector technologists must accelerate the shift to DevSecOps

Faced with this growing challenge, IT leaders recognise the need for much closer collaboration between teams and a more proactive approach to application security. DevSecOps brings together ITOps and SecOps teams so that application security and compliance testing are incorporated into every stage of the application lifecycle, from planning through to shipping.

However, the research finds that the public sector has been slow to begin the move to DevSecOps, with only a third of IT departments having started to transition to this new approach. More than half of public sector entities are still just considering DevSecOps.

Evidently, given the heightened risks they are facing, IT departments need to switch to DevSecOps as a matter of urgency. Technologists need to be prepared to go outside their comfort zone, putting aside entrenched mindsets and embracing a more collaborative and open way of working. They also need to develop new skills and look to extend their knowledge beyond their own specific discipline; they will need to become both specialists and generalists in their skills and outlook to succeed in a cloud-native environment.

As well as cultural change, DevSecOps relies on the implementation of holistic monitoring systems which leverage automation and AI technologies within application security processes. This is the only way for IT teams to cope with the spiralling volumes of security threats organisations are facing.

This type of automation is vital to identify weaknesses, predict future vulnerabilities and remediate issues. Once IT teams can teach AI tools to identify threats and resolve them independently of an admin, the benefits are game-changing: reduced human error, increased efficiency, and greater agility in development.

Ultimately, DevSecOps will see application security become an accelerator for innovation rather than a barrier. By taking a proactive approach to security throughout the lifecycle of their applications, public sector technologists will spend less time trying to identify and resolve issues and more time on strategic activities based on citizen needs.
