Organizations Not Focusing Enough on Web App Security, Survey Finds
A survey of 638 IT pros suggests many organizations aren't taking Web application security as seriously as they should be. The survey, performed by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt their organizations do not allocate sufficient resources to secure critical Web applications. Some 73 percent said their senior executives were not strong supporters of Web app security efforts, and 71 percent said their organization does not consider it to be a strategic initiative across the enterprise. This is problematic, since 51 percent reported that more than half of their organization's mission-critical business processes are accessible via the Web. "Only within the last couple of years have we seen this activity really ramp up," Brian Contos, chief security strategist at Imperva, said businesses need a clear understanding of what regulations require, what the threat landscape and where the critical applications and databases are. Organizations also need to know what their databases contain, and focus on improving communication between security operations and app development teams, he added. "Few developers have a security background, and few security professionals are application developers," Contos said. "We can't ask the race car driver to be the mechanic, and the mechanic to win the race with any semblance of success." |
