Application Security Practices
Survey
Insights for the Retail Industry
• About this survey
• What is being developed by enterprises?
• What is not being tested?
• How will things change in 12 months?
• Executive commitment
• A plan to close the gap
About the Survey
• Conducted by IDG Research from May-June 2014
• Respondents:
- 100 US
- 100 UK
- 106 Germany & Switzerland
- Other: 26%
- Telecommunications: 5%
- Retail, Wholesale: 6%
- Healthcare, Medical, Biotech, Pharmaceuticals: 6%
- Advertising, PR, Marketing: 8%
- Business services, Consulting: 9%
- Manufacturing & Distribution: 11%
- High Tech (Computing HW, SW, Services): 14%
- Financial services (banking, accounting, insurance): 16%
- $500 million - $999.9 million: 17%
- $1 billion - $2.9 billion: 27%
- $3 billion - $4.9 billion: 16%
- $5 billion - $9.9 billion: 21%
- $10 billion or more: 18%
What is being developed by enterprises?
Retail Industry’s Application Portfolio
Internally Developed vs. Externally Sourced
• Internally developed: 35%
• Sourced from commercial software vendor: 43%
• Outsourced (developed by third party): 22%
Source: Veracode and IDG Research Services
Q1. With the total equal to 100%, please estimate what proportion of your organization’s
total enterprise application portfolio is internally developed vs. externally-developed/
sourced?
Retail Base: 17
Average number of internally developed enterprise applications: 2195
Source: Veracode and IDG Research Services
Q9. How many internally developed enterprise applications
are currently deployed within your organization?
Retail Base: 17
Taxonomy of internally developed applications
Source: Veracode and IDG Research Services
Q3. With the total equal to 100%, approximately what percent of your internally developed
enterprise application portfolio falls into the following application architecture categories?
Retail Base: 17
• Mobile Applications: 33%
• Web Applications: 26%
• Client/Server Applications: 18%
• Terminal Applications: 23%
RETAIL INDUSTRY
What is being spent on securing internally developed applications?
Security spending on internally developed enterprise applications
• Less than $100,000: 0%
• $100,000 to $249,999: 12%
• $250,000 to $499,999: 12%
• $500,000 to $749,999: 35%
• $750,000 to $999,999: 24%
• $1M to $2.49M: 18%
• $2.5M to $4.9M: 0%
• $5M or more: 0%
Average: $0.8M
Source: Veracode and IDG Research Services
Q7a. Please estimate your organization’s overall spend on application security for
internally developed applications?
Total Retail Base: 17
Breakdown of application security spending on
internally developed applications
• Penetration Testing: 22%
• SAST: 25%
• DAST: 26%
• Application Discovery/Inventory: 23%
• Other: 4%
Source: Veracode and IDG Research Services
Q7b. Approximately what percent of your organization’s application security
budget for internally developed applications is spent on the following:
Retail Base: 17
What is not being tested?
Internally developed applications not tested for security vulnerabilities
Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of your organization’s
internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%)
Retail Base: 17
• MOBILE APPLICATIONS: 64% not tested for vulnerabilities
• WEB APPLICATIONS: 65% not tested for vulnerabilities
• TERMINAL APPLICATIONS: 63% not tested for vulnerabilities
• CLIENT/SERVER APPLICATIONS: 67% not tested for vulnerabilities
• ALL APPLICATIONS: 65% not tested for vulnerabilities
Importance of closing the gaps in application security testing
Source: Veracode and IDG Research Services
Q5b. For each application architecture listed below, how important is it for your organization to close the
gaps in coverage and move closer to testing 100% of your internally developed applications for security
vulnerabilities?
Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage:
• MOBILE APPLICATIONS: 80%
• WEB APPLICATIONS: 87%
• CLIENT/SERVER APPLICATIONS: 88%
• TERMINAL APPLICATIONS: 75%
How will things change in 12 months?
Changes in application security programs:
12 month projection for the Retail Industry
Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of
your organization’s internally developed applications do you test for security
vulnerabilities? (Total does not have to add up to 100%)
Retail Base: 17
• Change in security spend for internally developed applications: 2.1% average increase
• Average growth of internally developed applications: 6% average increase (or 141 new apps)
• Estimated 2015 Budget: $0.82M
• Estimated 2015 Need: $2.41M (to test all current and new applications with existing approaches)
• Average gap between need and budget: $1.59M
Source: Veracode and IDG Research Services
Q8. How do you expect your organization’s overall spending on application security
for internally developed enterprise applications to change over the next 12 months?
Retail Base: 17
Executive Commitment
Executive commitment to application security testing
• Executives have mandated an enterprise-wide program and are tracking implementation: 41%
• Executives are aware of but have not mandated an enterprise-wide program: 18%
• Executives are interested in application security for business critical applications only: 41%
• Executives have little interest in application security programs: 0%
Source: Veracode and IDG Research Services
Q9. Which of the following most accurately describes the level of executive commitment to
application security testing (for internally developed applications) within your organization?
Retail Base: 17
A Plan to Close the Gap*
Anticipated spending increases are dramatically lower than the minimum
spending increase that IDG determined is required to close the gap.
Simply extrapolating the existing assessment approaches to close the gap puts
the CSO in an untenable budgetary situation.
The key is rethinking these elements:
• How security gets built into applications as they are being developed
• How to build in security at the scale and pace required to support the more
than 340 anticipated new applications that enterprises, on average, will
develop in the next 12 months
• How to build in security so that it lowers the financial burden of proactively
managing risk
By seeking out best practices for implementing application security at scale,
CIOs and CSOs can use their expected budget increases for initiatives that
tackle their existing gap in a significant way.
* Excerpt from “Why Application Security is a Business Imperative” IDG Research, Aug 2014
Start the assessment
http://www.veracode.com/application-security-assessment

Weitere ähnliche Inhalte

Was ist angesagt?

Digital Generation: Security Infographic
Digital Generation: Security InfographicDigital Generation: Security Infographic
Digital Generation: Security InfographicUnisys Corporation
 
Unisys Security Insights Infographic: Global
Unisys Security Insights Infographic: GlobalUnisys Security Insights Infographic: Global
Unisys Security Insights Infographic: GlobalUnisys Corporation
 
Application Security in Times of Globalization
Application Security in Times of GlobalizationApplication Security in Times of Globalization
Application Security in Times of GlobalizationAujas Networks Pvt. Ltd.
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationarshidkb
 
App Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataApp Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataJohn Davis
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Jeremiah Grossman
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web applicationTestingXperts
 
Disruptive Enterprise Mobility Infographic
Disruptive Enterprise Mobility InfographicDisruptive Enterprise Mobility Infographic
Disruptive Enterprise Mobility InfographicExclusive Networks
 
42396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D142396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D1D Larson
 
Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 IDG Connect
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceBlueboxer2014
 
Top Software Glitches and Growing Significance of Software Testing
Top Software Glitches and Growing Significance of Software TestingTop Software Glitches and Growing Significance of Software Testing
Top Software Glitches and Growing Significance of Software TestingCigniti Technologies Ltd
 
Impact of Coronavirus on Software and Services: Top Figures to Look at
Impact of Coronavirus on Software and Services: Top Figures to Look atImpact of Coronavirus on Software and Services: Top Figures to Look at
Impact of Coronavirus on Software and Services: Top Figures to Look atVivek Mishra
 
Project 3:Government Mobile Apps Security Assessment & Strategy
Project 3:Government Mobile Apps Security Assessment & StrategyProject 3:Government Mobile Apps Security Assessment & Strategy
Project 3:Government Mobile Apps Security Assessment & StrategyArshad ali
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
WhiteHat Security 8th Website Security Statistics Report
WhiteHat Security 8th Website Security Statistics ReportWhiteHat Security 8th Website Security Statistics Report
WhiteHat Security 8th Website Security Statistics ReportJeremiah Grossman
 

Was ist angesagt? (20)

Digital Generation: Security Infographic
Digital Generation: Security InfographicDigital Generation: Security Infographic
Digital Generation: Security Infographic
 
Unisys Security Insights Infographic: Global
Unisys Security Insights Infographic: GlobalUnisys Security Insights Infographic: Global
Unisys Security Insights Infographic: Global
 
Veracode - Inglês
Veracode - InglêsVeracode - Inglês
Veracode - Inglês
 
Application Security in Times of Globalization
Application Security in Times of GlobalizationApplication Security in Times of Globalization
Application Security in Times of Globalization
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
App Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataApp Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing Data
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application
 
Disruptive Enterprise Mobility Infographic
Disruptive Enterprise Mobility InfographicDisruptive Enterprise Mobility Infographic
Disruptive Enterprise Mobility Infographic
 
42396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D142396_HP Risk Report App Highlights infographic_042715_D1
42396_HP Risk Report App Highlights infographic_042715_D1
 
Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the Workplace
 
Top Software Glitches and Growing Significance of Software Testing
Top Software Glitches and Growing Significance of Software TestingTop Software Glitches and Growing Significance of Software Testing
Top Software Glitches and Growing Significance of Software Testing
 
Impact of Coronavirus on Software and Services: Top Figures to Look at
Impact of Coronavirus on Software and Services: Top Figures to Look atImpact of Coronavirus on Software and Services: Top Figures to Look at
Impact of Coronavirus on Software and Services: Top Figures to Look at
 
Project 3:Government Mobile Apps Security Assessment & Strategy
Project 3:Government Mobile Apps Security Assessment & StrategyProject 3:Government Mobile Apps Security Assessment & Strategy
Project 3:Government Mobile Apps Security Assessment & Strategy
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the Best
 
Wireless security trends
Wireless security trendsWireless security trends
Wireless security trends
 
WhiteHat Security 8th Website Security Statistics Report
WhiteHat Security 8th Website Security Statistics ReportWhiteHat Security 8th Website Security Statistics Report
WhiteHat Security 8th Website Security Statistics Report
 

Andere mochten auch

Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Veracode
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteVeracode
 
Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeVeracode
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris WysopalThreat Stack
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application SecurityVeracode
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of SecurityVeracode
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneyVeracode
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneySonatype
 

Andere mochten auch (11)

Veracode CISO Round Table
Veracode CISO Round TableVeracode CISO Round Table
Veracode CISO Round Table
 
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
 
Veracode - Overview
Veracode - OverviewVeracode - Overview
Veracode - Overview
 
Why Benchmark Application Security - Veracode
Why Benchmark Application Security - VeracodeWhy Benchmark Application Security - Veracode
Why Benchmark Application Security - Veracode
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Selling Your Organization on Application Security
Selling Your Organization on Application SecuritySelling Your Organization on Application Security
Selling Your Organization on Application Security
 
The Seven Kinds of Security
The Seven Kinds of SecurityThe Seven Kinds of Security
The Seven Kinds of Security
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 

Ähnlich wie Retail Industry Application Security Survey Insights

Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodesciccone
 
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...IMARC Group
 
Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...Mainstay
 
Preventive maintenance software market
Preventive maintenance software marketPreventive maintenance software market
Preventive maintenance software marketSagarmaratha1
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTimothy Jarrett
 
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptx
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptxStrategy Analytics - Automotive Cyber Security - Oct 2020.pptx
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptxNiteshKumar958846
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027IMARC Group
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfdotco
 
Apperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility SurveyApperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility SurveyJennifer Walker
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Burton Lee
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameDennis Stoutjesdijk
 
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...IMARC Group
 
Vodafone cyber ready barometer 2018
Vodafone cyber ready barometer 2018Vodafone cyber ready barometer 2018
Vodafone cyber ready barometer 2018Martin Finn
 
Business Commerce, the Cloud, and the CIO - London
Business Commerce, the Cloud, and the CIO - LondonBusiness Commerce, the Cloud, and the CIO - London
Business Commerce, the Cloud, and the CIO - LondonSAP Ariba
 
Application Performance Management Market.pdf
Application Performance Management Market.pdfApplication Performance Management Market.pdf
Application Performance Management Market.pdfSunilShah9161
 
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28IMARC Group
 

Ähnlich wie Retail Industry Application Security Survey Insights (20)

Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracode
 
Webinar: CX up AND costs down?
Webinar: CX up AND costs down?Webinar: CX up AND costs down?
Webinar: CX up AND costs down?
 
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...
Application Security Market PPT: Overview, Dynamics, Trends, Segmentation, Ap...
 
Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...Does Application Security Pay? Measuring the Business Impact of Software Secu...
Does Application Security Pay? Measuring the Business Impact of Software Secu...
 
Preventive maintenance software market
Preventive maintenance software marketPreventive maintenance software market
Preventive maintenance software market
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier risk
 
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptx
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptxStrategy Analytics - Automotive Cyber Security - Oct 2020.pptx
Strategy Analytics - Automotive Cyber Security - Oct 2020.pptx
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027
DevOps Market PPT 2022: Size, Growth, Demand and Forecast till 2027
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdf
 
Apperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility SurveyApperian 2015 Executive Enterprise Mobility Survey
Apperian 2015 Executive Enterprise Mobility Survey
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the game
 
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...
Malware Analysis Market Growth, Demand and Challenges of the Key Industry Pla...
 
Vodafone cyber ready barometer 2018
Vodafone cyber ready barometer 2018Vodafone cyber ready barometer 2018
Vodafone cyber ready barometer 2018
 
Business Commerce, the Cloud, and the CIO - London
Business Commerce, the Cloud, and the CIO - LondonBusiness Commerce, the Cloud, and the CIO - London
Business Commerce, the Cloud, and the CIO - London
 
Application Performance Management Market.pdf
Application Performance Management Market.pdfApplication Performance Management Market.pdf
Application Performance Management Market.pdf
 
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28
Security Testing Market PPT: Demand, Trends and Business Opportunities 2023-28
 

Kürzlich hochgeladen

call Now 9811711561 Cash Payment乂 Call Girls in Dwarka
call Now 9811711561 Cash Payment乂 Call Girls in Dwarkacall Now 9811711561 Cash Payment乂 Call Girls in Dwarka
call Now 9811711561 Cash Payment乂 Call Girls in Dwarkavikas rana
 
Best VIP Call Girls Noida Sector 50 Call Me: 8448380779
Best VIP Call Girls Noida Sector 50 Call Me: 8448380779Best VIP Call Girls Noida Sector 50 Call Me: 8448380779
Best VIP Call Girls Noida Sector 50 Call Me: 8448380779Delhi Call girls
 
The 15 Minute Breakdown: 2024 Beauty Marketing Study
The 15 Minute Breakdown: 2024 Beauty Marketing StudyThe 15 Minute Breakdown: 2024 Beauty Marketing Study
The 15 Minute Breakdown: 2024 Beauty Marketing StudyTinuiti
 
Top Rated Pune Call Girls Talegaon Dabhade ⟟ 6297143586 ⟟ Call Me For Genuin...
Top Rated  Pune Call Girls Talegaon Dabhade ⟟ 6297143586 ⟟ Call Me For Genuin...Top Rated  Pune Call Girls Talegaon Dabhade ⟟ 6297143586 ⟟ Call Me For Genuin...
Top Rated Pune Call Girls Talegaon Dabhade ⟟ 6297143586 ⟟ Call Me For Genuin...Call Girls in Nagpur High Profile
 
Best VIP Call Girls Noida Sector 55 Call Me: 8448380779
Best VIP Call Girls Noida Sector 55 Call Me: 8448380779Best VIP Call Girls Noida Sector 55 Call Me: 8448380779
Best VIP Call Girls Noida Sector 55 Call Me: 8448380779Delhi Call girls
 
Best VIP Call Girls Noida Sector 51 Call Me: 8448380779
Best VIP Call Girls Noida Sector 51 Call Me: 8448380779Best VIP Call Girls Noida Sector 51 Call Me: 8448380779
Best VIP Call Girls Noida Sector 51 Call Me: 8448380779Delhi Call girls
 
The 15 Minute Breakdown: 2024 Beauty Marketing Study
The 15 Minute Breakdown: 2024 Beauty Marketing StudyThe 15 Minute Breakdown: 2024 Beauty Marketing Study
The 15 Minute Breakdown: 2024 Beauty Marketing StudyKatherineBishop4
 
Indian Call Girl In Dubai #$# O5634O3O18 #$# Dubai Call Girl
Indian Call Girl In Dubai #$# O5634O3O18 #$# Dubai Call GirlIndian Call Girl In Dubai #$# O5634O3O18 #$# Dubai Call Girl
Indian Call Girl In Dubai #$# O5634O3O18 #$# Dubai Call GirlAroojKhan71
 
Dubai Call Girls O525547&19 (Asii) Call Girls Dubai
Retail Industry Application Security Survey Insights

  • 2. Application Security Practices Survey: Insights for the Retail Industry. Contents: About this survey; What is being developed by enterprises?; What is not being tested?; How will things change in 12 months?; Executive commitment; A plan to close the gap
  • 3. About the Survey. Conducted by IDG Research from May-June 2014. Respondents: 100 US; 100 UK; 106 Germany & Switzerland. First chart, values in the order listed: 26%, 5%, 6%, 6%, 8%, 9%, 11%, 14%, 16%; categories in the order listed: Other; Telecommunications; Retail, Wholesale; Healthcare, Medical, Biotech, Pharmaceuticals; Advertising, PR, Marketing; Business services, Consulting; Manufacturing & Distribution; High Tech (Computing HW, SW, Services); Financial services (banking, accounting, insurance). Second chart, values in the order listed: 17%, 27%, 16%, 21%, 18%; categories in the order listed: $500 million - $999.9 million; $1 billion - $2.9 billion; $3 billion - $4.9 billion; $5 billion - $9.9 billion; $10 billion or more
  • 4. What is being developed by enterprises?
  • 5. Retail Industry’s Application Portfolio: Internally Developed vs. Externally Sourced. Categories in the order listed: Internally developed; Sourced from commercial software vendor; Outsourced (developed by third party). Values in the order listed: 35%, 43%, 22%. Source: Veracode and IDG Research Services, Q1: With the total equal to 100%, please estimate what proportion of your organization’s total enterprise application portfolio is internally developed vs. externally-developed/sourced? Retail Base: 17. Average number of internally developed enterprise applications: 2195. Source: Veracode and IDG Research Services, Q9: How many internally developed enterprise applications are currently deployed within your organization? Retail Base: 17
  • 6. Taxonomy of internally developed applications (RETAIL INDUSTRY). Values in the order listed: 33%, 26%, 18%, 23%. Categories in the order listed: Mobile Applications; Web Applications; Client/Server Applications; Terminal Applications. Source: Veracode and IDG Research Services, Q3: With the total equal to 100%, approximately what percent of your internally developed enterprise application portfolio falls into the following application architecture categories? Retail Base: 17
  • 7. What is being spent on securing internally developed applications?
  • 8. Security spending on internally developed enterprise applications (RETAIL INDUSTRY). Values in the order listed: 0%, 12%, 12%, 35%, 24%, 18%, 0%, 0%. Spending brackets in the order listed: Less than $100,000; $100,000 to $249,999; $250,000 to $499,999; $500,000 to $749,999; $750,000 to $999,999; $1M to $2.49M; $2.5M to $4.9M; $5M or more. Chart callout: $0.8M. Source: Veracode and IDG Research Services, Q7a: Please estimate your organization’s overall spend on application security for internally developed applications? Total Retail Base: 17
  • 9. Breakdown of application security spending on internally developed applications (RETAIL INDUSTRY). Categories in the order listed: Penetration Testing; SAST; DAST; Application Discovery/Inventory; Other. Values in the order listed: 22%, 25%, 26%, 23%, 4%. Source: Veracode and IDG Research Services, Q7b: Approximately what percent of your organization’s application security budget for internally developed applications is spent on the following? Retail Base: 17
  • 10. What is not being tested?
  • 11. Internally developed applications not tested for security vulnerabilities (RETAIL INDUSTRY). Mobile applications: 64% not tested for vulnerabilities. Web applications: 65% not tested for vulnerabilities. Terminal applications: 63% not tested for vulnerabilities. Client/server applications: 67% not tested for vulnerabilities. All applications: 65% not tested for vulnerabilities. Source: Veracode and IDG Research Services, Q5a: For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Retail Base: 17
  • 12. Importance of closing the gaps in application security testing (RETAIL INDUSTRY). Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage: Mobile applications 80%; Web applications 87%; Client/server applications 88%; Terminal applications 75%. Source: Veracode and IDG Research Services, Q5b: For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities?
  • 13. How will things change in 12 months?
  • 14. Changes in application security programs: 12 month projection for the Retail Industry. Change in security spend for internally developed applications: 2.1% average increase. Average growth of internally developed applications: 6% average increase (or 141 new apps). Estimated 2015 Budget: $0.82M. Estimated 2015 Need: $2.41M (to test all current and new applications with existing approaches). Average gap between need and budget: $1.59M. Source: Veracode and IDG Research Services, Q5a: For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Retail Base: 17. Source: Veracode and IDG Research Services, Q8: How do you expect your organization’s overall spending on application security for internally developed enterprise applications to change over the next 12 months? Retail Base: 17
  • 16. Executive commitment to application security testing (RETAIL INDUSTRY). Response options in the order listed: Executives have mandated an enterprise-wide program and are tracking implementation; Executives are aware of but have not mandated an enterprise-wide program; Executives are interested in application security for business critical applications only; Executives have little interest in application security programs. Values in the order listed: 41%, 18%, 41%, 0%. Source: Veracode and IDG Research Services, Q9: Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization? Retail Base: 17
  • 17. A Plan to Close the Gap*. Anticipated spending increases are dramatically lower than the minimum spending increase that IDG determined is required to close the gap. Simply extrapolating the existing assessment approaches to close the gap puts the CSO in an untenable budgetary situation. The key is rethinking these elements: how security gets built into applications as they are being developed; how to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months; and how to build in security so that it lowers the financial burden of proactively managing risk. By seeking out best practices for implementing application security at scale, CIOs and CSOs can use their expected budget increases for initiatives that tackle their existing gap in a significant way. * Excerpt from “Why Application Security is a Business Imperative”, IDG Research, Aug 2014