OPINION: Canadian brands need a new cyber security approach to meet evolving consumer needs

Gregg Ostrowski

As Cyber Security Awareness Month is underway this October, consumers are encouraged to “#GetCyberSafe” and focus on cyber hygiene to keep their information protected.

Without a doubt, the need for all of us to think and act carefully about how we share and protect our personal data has never been greater. The use of applications and digital services has skyrocketed as Canadians have relied almost exclusively on digital services in almost every area of their lives due to the pandemic and how we now operate.

A recent consumer study found that the number of applications Canadians are regularly using has risen to 30 different apps since the beginning of 2020. And of course, a major element of this increase is among those who are new to digital services, forced to use applications for the first time during lockdown to buy groceries, stay connected to friends and family and access critical services.

Sadly, the sudden introduction of millions of vulnerable people into cyberspace has presented a massive opportunity for cybercriminals. As the Canadian Centre for Cyber Security reported last year, one in four Canadians feel they are not prepared to face cyber threats, two in five Canadians say they have been the victim of a virus, spyware or malware on their computer and one in four Canadians have been victimized by an email scam. Unfortunately, the scale and sophistication of these threats have only increased.

Consumers want security built into the total application experience

With Canadians using a wider range of applications during the pandemic, their eyes have been opened to the incredible digital experiences that many brands are now delivering. Expectations for applications have soared and tolerance for anything less than the best digital experiences has disappeared.

The research found that consumers now demand the “total application experience,” a high-performing, reliable digital service which is simple, secure, helpful and fun to use. And they expect these services to be personalized to their own individual needs and add real value to their lives. It’s worth noting that the importance people are now attaching to security has increased significantly as well. In fact, when asked to characterize the elements that make up the ideal digital experience, security was the main factor Canadians cited as critical.

Even though Canadians are now demanding the most innovative, intuitive and personalized digital experiences every time they use an application, they absolutely do not want this to compromise their security. They now expect their data to be held safely at all times.

An application-first approach to meet the new security challenge

The dramatic increase in demand for applications and digital services, coupled with these heightened expectations for flawless application performance, presents a huge challenge for IT and security teams.

Across all sectors, there has been rapid acceleration in adoption of cloud computing technologies over the last 18 months. But this has meant that organizations now find themselves trying to manage and protect soaring volumes of customer data across an increasingly sprawling IT estate.

Technologists that were previously looking after a relatively consistent and fixed IT infrastructure find themselves having difficulty with a constantly evolving IT estate. Now, customer data is stored across distributed locations and often under different jurisdictions. At the same time, they’re facing an unprecedented rise in malicious security threats and a growth in modern applications complexity, running on-prem, multi-cloud and cloud-native microservices.

The only way that organizations can begin to handle this challenge is to embrace a new approach where security is a major consideration and driving force at the beginning of the development cycle. We need to move away from the belief that proper application security posture inhibits speed and innovation.

This means discarding perimeter-based solutions that rely on traffic routing through them, and assumptions of what the application might do, with the payload. It’s simply not feasible to continue with an approach of application and security teams taking an average of 280 days to detect and contain a data breach.

Instead, technologists need a new approach that protects the application from the inside-out. An application-first approach enables IT and security teams to identify vulnerabilities and threats within the application in production, and to protect the application against attacks in real time. This allows them to correlate security and business data to prioritize remediation based on potential business insight.

In order to implement this new, proactive approach to security, application and security teams need to have the right tools at their disposal. They need to ensure that wherever an application runs, they’re able to organically add security capabilities from within the runtime. In doing so, they can protect the application environment and continue to deliver the “total application experience” that customers have come to expect.

Gregg Ostrowski is an Executive CTO at AppDynamics, part of Cisco. He engages with customer senior leadership to help prioritize their strategy for digital transformation. Prior to AppDynamics, Gregg held senior leadership positions at Samsung and Research in Motion, and he has more than 20 years of experience in the industry.