Can application security stack bring in effective digitization in BFSI?

The global crisis has created a pressing need for cybersecurity and also an opportunity for cybersecurity firms, particularly those catering to the BFSI sector. With increased cybersecurity attacks over the last decade, cybersecurity solutions have to adapt to mitigate the increased risk of targeted attacks.

We caught up with an expert in the cybersecurity domain Venkatesh Sundar, Founder & CMO of Indusface, an application security SaaS company that has been successful in providing focused application security services for its clients in the BFSI sector. He gives an in-depth analysis of applications’ security stack and its impact on the BFSI sector.

1. What steps must be taken to strengthen protection measures in the BFSI sector?
   1. Application is the heartbeat of digitation initiatives in BFSI and hence AppSec has to be the center of building a security program.
   2. Applications and its security are the ownership of the business (shared security model that any cloud and hosting provider talks about).
   3. Application security requires a special skill set and businessses have to take ownership and partner with experts to address it effectively. They should demand more managed services from security product vendors instead of just providing tools as that is when the real value and benefit are realized for application security.
2. Why has there been a prevalence of the application security stack, and what has been the technology’s success/failure?

The stack can be split into the following aspects:

• Development Stages – SAST tools (Static Application Security Testing, manual secure code review from experts)
• Test/Production – DAST tools (Dynamic Application Security Testing, manual penetration testing, and business logic testing from experts)
• Operation – Web Application and API Protection and manual monitoring based on targeted alerts and updates to policy against OWASP attacks, DDoS, and Bots

The key to success and failure depends on not just the features in the tool but also having the expertise to manage it on an ongoing basis.  Businesses should demand more from tool providers to provide this as part of their license and not just throw in a tool and walk away

3. What impact will the application security stack have on digitization in the BFSI domain?

Central to the success of digitization is an application and the security of these applications by keeping bad actors away and helps maintain business continuity. It also increases the efficiency of app performance by ensuring it deals only with legitimate and actual user payload reducing its operating cost, and increasing the accuracy of any analytics and insights that are needed as part of operations for improving the core app.

4. Can you discuss the risks associated with the technology and how firms like yours have mitigated them?

The main risk is many moving parts and integration of components with many owners of those components that are part of an app stack.  With the API economy the speed of using, aggregating, and providing new capabilities happens at tremendous speed, and keeping them all secure with all these moving parts with different owners all exposed over the internet is a huge challenge and hence the need for partnering with experts is key for businesses to Go Digital Fearlessly.