It’s no secret that, today, the diversity of R&D allows companies to rapidly introduce new applications and push changes to existing ones. But this great complexity for application security teams results in significant AppSec management challenges, according to Barak Tawily, co-founder and Chief Technology Officer (CTO) of Enso Security. These challenges, he says, include the difficulty of tracking applications across environments, measuring risks, prioritizing tasks and enforcing uniform Application Security strategies across all applications.
But as companies push out code faster than ever, the application security teams aren’t able to keep up — and may not even know about every application being developed internally. argues that application security today is often a manual effort to identify owners and measure risk, for example — and the resources for application security teams are often limited, especially when compared the size of the overall development team in most companies, Tawily believes. Indeed, he argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security. Here, we talk to Tawily about AppSec and why enterprise security should be concerned with AppSec.