Capgemini: how to handle security of business applications
For companies looking to differentiate themselves in a digital world, developing new applications that can be launched to market quickly is critical.
The ability to innovate fast is often the competitive edge that allows an organisation to rapidly scale, particularly in a technology-driven market, such as banking or healthcare. And as consumers generate more data than ever before, the opportunity for smart companies is to feed information into application development, improving the customer experience and generating new revenue streams.
And yet no company should develop applications that risk losing the trust of the customer. Every application that relies on customer data must use it in a responsible way, and security must be baked in from the start.
Speed-to-market, innovation and security are the most important considerations when developing applications, but often, speed and security are seen as mutually exclusive, with one coming at the cost of the other. Typically when choosing between these considerations, a desire for speed and innovation wins out.
The false belief that security hampers innovation is leading to severe security vulnerabilities for organizations and ultimately damaging their reputation. Figures from HPE and Gartner indicate that 80% of attacks happen at the application layer. Many recent high-profile attacks that hit the headlines were carried out via exploits of applications.
The reason applications are such a target is that security tends to be ‘brushed on’ an application as it nears completion, rather than ‘baked in’ from the first line of code. To extend the cooking analogy further, organizations must consider the recipe and ingredients - the processes and tools - needed to make security an integral part of development from day one in order to minimize risk and establish the trust of the user. And contrary to popular belief, a security by design approach enables companies to ensure development does not take too long.
Baking in Security from Day One
When embarking on application development there are two main vulnerability pain points to look out for. The first is spotting flaws in the application design. A poor design, in itself, causes security vulnerabilities.
The second is coding flaws. For the application to be secure there needs to be a tight balance between coding and design. A good example is Apple’s iPhone. Apple’s flagship product has a very close alignment between the coding and the design of the phone, which tightens the defense system against outside threats. A lot of problems encountered in the software industry are due to a mismatch between design and the final product. Software is coded by developers, and if they’re not adding good code, there’s a higher risk of vulnerabilities emerging.
Design flaws are difficult to address, but there are tools already available on the market that detect coding flaws with up to 99% accuracy. Organizations need to work with their developers to instill in them an increased awareness of cybersecurity and provide the tools needed to work it into their current processes. One example is a tool that analyses a developer’s code in near-real time and alerts them to security flaws as they code. Not only does this catch any vulnerability early on, streamlining the process and enhancing security, it also helps stimulate a culture shift towards a more ‘baked-in’ approach to cyber secure coding.
Considering all Third Party Ingredients
Identifying vulnerabilities within your own application is only half of the battle, as no application runs in a vacuum. Applications talk to and receive data from others, such as web service interfaces, REST APIs or Open Source components. For instance, if you want to include a login, there are several Open Source login frameworks available, but just like custom code, Open Source isn’t immune to vulnerabilities.
For example, the ShellShock bug a few years ago was a direct result of a vulnerability in the code of an Open Source component, one that’s still impacting web servers and servers around the world. There are countless Open Source components available, but developers need to be cautious of any code they’ve not developed and tested themselves, and those components need to be properly integrated into a development process.
Molding a Cultural Shift
While these points give organizations a flavor of the kind of processes and tools developers need, the real challenge comes when they try to make security an integrated part of their culture. Many organizations are creating sound security policies, but they mean nothing unless there’s a process in place to enforce them.
One model is a zero tolerance approach. If a vulnerable application is developed, a company should refuse to deploy it. Over a period of time, this causes a behavioral change, and sends a strong message that speed must not come at the cost of security.
A Recipe for Security Success
Application security is clearly important, and it is becoming even more so as the digital world begins to bleed into the physical one. A hack leading to leaked customer information or stolen credit card details is bad enough, but we only need to look at the automotive industry for a glimpse at the threats that lie ahead. As cars have become more connected, they have grown susceptible to remote attacks that can do anything from changing the radio station to controlling the brakes and steering. If applications aren’t secure, they will soon lead to physical threats, not just digital or reputational ones.
By encouraging teams to place cybersecurity at the heart of development at each stage of the life cycle, applications will be ready to be deployed where they can generate benefits to the organization without requiring costly and embarrassing patches.
By Mike Turner, VP Cybersecurity at Capgemini
Read the July EURO 2016 issue of Business Review Europe magazine.
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee, pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.”
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres: Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome.
- Finance and accounting: Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes.
- Human resources: Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding.
- IT: IT teams are often swamped in daily activity like on-boarding or off-boarding employees, deploying virtual machines, and provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation.
- Legal: There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”