'Tis the season for secure apps

Make sure apps don't disappoint this festive season.

Read time 5min 00sec

Security breaches and software failures have made headlines throughout 2017. One of the most high profile was Uber's recent admission it had paid hackers $100 000 to destroy data on more than 57 million customers and drivers stolen from the company. Uber revealed it was first hacked in October 2016 and discovered the data breach the following month.

Apps are identified as one of the most vulnerable gateways for both security and performance issues.

So, how can companies prepare their apps to avoid lost revenue, broken trust and bad PR?

They must implement strategies to battle the most commonly occurring challenges. Maintaining the user experience is at the top of the list. Regardless of the industry, customers expect up-to-date applications, an excellent user experience and seamless performance. This means companies must be able to develop and deliver apps with speed, quality and a compelling experience. With the demand of the festive shopping season, companies will rely on an agile approach to help them sense and respond to change based on how their app is performing and how consumers are responding.

The solution to this is to pair an agile approach with DevOps. Delivering a quality user experience depends on more than just the quality of the application - it also relies on the company's ability to keep customers engaged with a compelling experience - the latter is the name of the game.

Twice shy

Research reveals in over 60% of cases, lost digital consumers never return to be bitten twice through a bad user experience. To monitor digital experiences, companies need an analytics solution that allows them to see potential problems before they start affecting the customer experience, and resolve them.

DevOps, continuous delivery and testing have all proven to increase the pace at which companies can deliver innovations to the market. Pairing agile with DevOps will enable companies to deliver apps much faster. But it's important not to forget to establish a continuous testing practice to ensure the company is adequately - and quickly - testing applications for performance, user experience and security.

Cyber criminals take advantage of peak season shopping.

The advantage grows significantly when combining an advanced DevOps practice with cloud-based tools and delivery models. A recent study showed organisations with a high level of commitment to both DevOps and cloud saw an 81% increase in overall software delivery performance. These same companies were able to deliver software 90% faster, with a 69% increase in user experience.

The next challenge is seamless continuous delivery. A company's ability to deliver quality software faster is dependent on its entire toolchain - one weak link can stand in the way of both time-to-market and quality. That's why it is important to take a comprehensive approach to continuous delivery.

Trial and error

The solution here is to test again and again. Testing is not an event that happens at a single point in time; it should be woven throughout the entire software development life cycle - starting in the requirement phase. This is the foundation of continuous testing.

Doing app security testing can also help find vulnerabilities that would be susceptible to a denial of service attack. If a revenue boosting app is down due to a distributed denial of service attack, it can be just as damaging as a data breach.

Controlling security risks and protecting data is the third big challenge. The application economy has drastically changed the landscape of IT security. Cyber criminals take advantage of peak season shopping, like Black Friday or the festive season. Risk has to be controlled, but in such a way that the application performance strategy isn't bogged down by security.

The solution here is to automate and lean into artificial intelligence (AI). Security must be automated, meaning authorisations to reduce fraud should be done automatically, with minimal pain. This will make it easier to balance revenue growth with risk control.

The use of threat analytics will allow companies to identify risky behaviour from trusted users (or cyber attackers masquerading as trusted users) and permit companies to block access.

There are AI tools that can learn and monitor consumers' behaviour patterns for anomalies and red flag any that may be fraudulent. When AI is paired with machine learning, businesses can provide real-time protection and strategies to mitigate fraudulent attempts plus cardholder and issuer risk.

What will be in 2018?

Some companies have mastered their digital transformation, while others are just beginning the journey. But, no matter where the business lies on the spectrum, there will always be new challenges to overcome that will require a comprehensive, effective suite of tools, so thinking beyond peak seasons is key.

It's tough to future-proof an app, so testing for vulnerabilities is like trying to predict the future. The vulnerabilities of today are known, but the ones of tomorrow are not. Threat analytics can help to determine behaviours that could be used to identify new types of attacks targeting new and unknown vulnerabilities.

As the world continues to become mobile-first, each year the festive season promises more app traffic than the one before, so preparing apps properly now will ensure a team's fluency in best practices later - not to mention continued customer loyalty.

It's the one time a company will be happy to see its competitors making the headlines and know that there, but for the grace of good practices, go you and your business.

Sagan Pillay
Security solution strategist at CA Southern Africa

Sagan Pillay joined CA Southern Africa in 2016, where he is a security solution strategist. Pillay has in excess of a decade of IT experience, seven of which have been in the security arena. Previously, he worked for Hyperion Holdings and Quantum Technologies.

Have your say
a few seconds ago
Be the first to comment