ABI Research recently undertook a comprehensive study to learn more about the product security assurance landscape from the perspective of enterprise customers, surveying 302 enterprise customers and conducting in-depth interviews, to complement the qualitative survey.
Due to the rapidly-evolving cybersecurity landscape, and the effort by hostile actors to find and exploit reported software and hardware vulnerabilities, companies are facing more sophisticated threats. While IT departments are using security assurance to help secure their systems, technology vendors are applying enhanced security assurance practices to proactively improve the resilience of their products and their responses when a security vulnerability is found in a product. Product security assurance spans both hardware and software, consisting of people, practices, and processes that act as the first line of defence in any technology system. Systems, after all, are only as good as the components they are made of. Vendors must take a layered approach to product security assurance, and invest in the personnel and processes, in addition to the technologies to embed security throughout operations and product development lifecycles.
Security assurance is proving to be particularly vital in the chipset industry. Device supply chains are becoming more complex, raising concerns about counterfeiting, data exposure, and component substitution. Enforcing standards and regulations has, therefore, become challenging due to the lack of full transparency and visibility in the supply chain. As a result, demand is growing for holistic product security assurance frameworks that instil high levels of confidence in customers.
A survey of 302 enterprise customer-based respondents was conducted by ABI Research to gain insight into how they view the product security assurance of the technology equipment they are purchasing. It delved into the issues, concerns and priorities enterprise customers have regarding the security of the IT equipment they are purchasing. A mature secure development lifecycle (SDL), bug bounty programs, well-structured internal product security training, and industry engagement are critical processes for implementing security assurance and compliance requirements into all stages of product development. These areas were raised as important distinguishing factors for a strong security posture in the survey. Some of these practices, like SDL, were also seen as the capability that needed the most improvement and transparency from technology vendors.
A recurring theme that surrounded these conversations was the growing concern about data security, particularly in the cloud. The evolution of artificial intelligence and machine learning, and their adoption in cybersecurity was also discussed, though it was viewed that regulatory intervention will be required to unlock their full potential. Overall, there was a consensus among both technology vendors and enterprise customers that the individual is central to security-driven processes. The value of adopting a security-first mindset throughout the product development process was recognised and appreciated. Enterprise customers also recognised that there was no one solution for security assurance. Overall, this underscores that every industry has different requirements and demands, so security issues vary by organisation. Technology vendors providing products into every industry in the market must find a way to provide security for the most sensitive industries, while also prioritising performance for other more general industries.
To access the full whitepaper visit https://www.instrumentation.co.za/ex/abi_security.pdf
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version