Gartner Maverick Report: Self Healing Apps
Forbes | Tom Groenfeldt writes:
In a report distributed under the label “Maverick Research”, Gartner’s Joseph Feiman says it is time to change the way IT does security.
“Modern security fails to test and protect all apps. Therefore, apps must be capable of security self-testing, self-diagnostics and self-protection. It should be a CISO top priority.”
His reasoning seems to make sense:
“Infrastructure and perimeter protection technologies inherently lack insight into application logic and configuration, event and data flow, executed instructions and data processing. Thus, they lack the necessary means to ensure accurate detection of application vulnerabilities and protection against application-level attacks.”
There are too many apps to test, testing fails to scale to the enterprise demand level and the tools for testing are too complex and inaccurate, writes Feiman.
Otherwise everything looks fine.
Well, maybe not. He writes that the ratio of perimeter security to application security is 23:1.
“Considering the ineffectiveness of perimeter protection in stopping attacks, this ratio cries for a fundamental change.”
Feiman believes self-protection of applications is quite achievable.
“We believe that by 2020, 25% of Web and cloud applications will become self-protecting, up from less than 1% today.”