Report: 4 Application Security Challenges for DevSecOps

By Brian Schwarz | September 10, 2021

Applications have increasingly become one of the primary ways organizations deliver key capabilities to their employees, customers, and business partners. For business-critical workflows, organizations look to enable access from any device, from anywhere the user has an internet connection. With fewer and fewer line-of-business applications lacking a public-facing interface, this easy access helps enhance productivity and reduce operational friction. However, the mission-critical applications that organizations and users rely on are often directly exposed to untrusted networks, increasingly through public-facing web applications and APIs, and this has security implications that must be addressed.

Fortinet recently partnered with CyberSecurity Insiders to conduct a global survey of cybersecurity professionals to help understand the challenges security professionals face as their organizations increase both the number of applications deployed and the pace at which these applications change. In this blog, we outline the key findings and takeaways uncovered in the report and explain how Fortinet’s Adaptive Cloud Security offerings, which are a part of the Security Fabric, can help organizations with these challenges.

4 Security Challenges When Securing Applications

The CyberSecurity Insiders 2021 Application Security Report, which was commissioned by Fortinet, interviewed more than 300 security professionals globally. In the past year, with more remote workers than ever before, organizations had to rely on applications to ensure their business and critical workflows weren’t interrupted. Unsurprisingly, 48% of respondents had more than 100 unique applications running in their environment, with 26% reporting more than 500 unique applications. This explosion of applications has compounded existing challenges that security teams face when it comes to securing applications. Key takeaways from the Application Security report include:


  • Organizations lack confidence in their current security posture. Only 43% of organizations are very or extremely confident about their application security, with a top concern for 46% of respondents being the ability to adequately secure data. With an average of 25 application updates every month, multiplied across so many applications, the attack surface for organizations evolves rapidly and organizations have difficulty keeping up. 

  • Breaches are frequent and customers may not be aware of all of them. 43% of organizations confirmed they experienced application breaches or compromises in the past. More than a third of respondents (35%), however, acknowledged that they did not know when the last breach occurred. As Fortinet’s FortiGuard Labs’ 2021 mid-year Global Threat Landscape Report indicates, the volume of ransomware attacks in the past few months has increased tenfold. Notably, prominent web application technologies such as Drupal, vBulletin, and PHP consistently show up in the top 10 technologies being targeted by threat actors.

  • The pace of software updates increases the challenge. With an average of 25 software updates being published into production every month, consistent and frequent threat and vulnerability testing is critical. Only 21% of respondents confirmed that they test every time the code changes. 

  • The cybersecurity and cloud security skills gap is top of mind. Many of those surveyed feel that they don’t currently have the resources on their teams to keep up with the increasingly sophisticated threat landscape. Lack of skilled personnel tops the list of barriers that organizations face when securing their web applications, according to 46% of survey respondents.

Ensuring Application Security with Fortinet’s Adaptive Cloud Security Offerings

Fortinet delivers a platform approach through the Security Fabric to help organizations address their biggest security challenges. The Fortinet Security Fabric enables self-healing security and networking to protect people, devices, data, and applications everywhere. When it comes to application security, our FortiWeb solution delivers the capabilities organizations need to secure their public-facing web applications and APIs. We combine web application security, bot mitigation, and API security with enhancements like machine-learning-based anomaly detection that identifies malicious activity without the need for the manual policy tuning that other WAF solutions require. Fortinet can help organizations secure their application attack surface and enable the mission-critical line-of-business applications that they need to succeed and achieve their desired business outcomes.

To learn more about the key findings, access the report here.

Learn how Fortinet’s adaptive cloud security solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.