In 2011, Marc Andreessen said “software is eating the world”. Today, it could be said that digital transformation is eating the organization as many upgrade their infrastructure at a furious pace.
It would be difficult to find a company today that isn’t impacted in some way by digital transformation. In fact, 75% of organizations have made significant strides to upgrade their infrastructure just in the last year alone. And a big part of that is application security and the move to the cloud.
“In today’s rapidly evolving landscape of web application security, organizations are constantly striving to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments.”
But there is a cost to all this transformation and the move to the cloud: an increased attack surface. In keeping with the numbers above, “67% of organizations have seen their attack surfaces grow in size over the past two years.” And what companies are quickly realizing is that infrastructure upgrades alone don’t guarantee strong security.
There are a lot of ways to fall short when it comes to infrastructure security in general and application security in particular. You can look to lists like the OWASP Top 10 to get a sense of what you’re up against. But that may not even help much, because at the end of the day, securing digital infrastructure is really difficult. It’s why data breaches continue to rise (by 70% globally in Q3 2022) even though companies work tirelessly to prevent them.
The bottom line? “98% of organizations would benefit from additional prevention-based approaches.” In other words, something else is needed, but what?
Securing Infrastructure and Applications
It’s generally agreed that preventing a security incident is preferable to responding to one. In the same vein, it’s better to find an application vulnerability in development, before it’s deployed. The idea of finding and addressing security threats sooner is known as shifting left. And it’s a very good strategy for securing applications and infrastructure.
One of the very best ways to shift left is with threat modeling. Oh sure, there are other practices that can be used with shift left, but threat modeling is the only one that specifically and purposefully reduces the attack surface. And that’s precisely what each of these companies upgrading their infrastructure needs to do most.
While threat modeling may be intimidating to some, there are tools available now, like ThreatModeler, that make it much easier. In fact, in some circumstances, such as live cloud environments, creating a threat model with ThreatModeler only requires one click.
If you’re going to upgrade your infrastructure, don’t do it without threat modeling. And if you’re going to be doing threat modeling, don’t do it without ThreatModeler.