Application security initiatives and programs are getting good at getting down to where an organization’s data lives and protecting it against threats, but that is only one piece of the security puzzle. With limited amounts of time, resources and people available to tackle security, organizations have had to prioritize what gets protected.
“For instance, an organization may develop 100 different applications. Since it is not always cost effective or time efficient to come up with a customized security plan for each application, only the applications considered critical receive top priority, maybe five or six of them, and the remaining 95 or so are deprioritized in terms of security,” according to Chad McDonald, chief information officer and chief information security officer at Digital.ai, a software solutions provider. “That doesn’t mean those 95 applications don’t require protection, it just means that the risk is somewhat lower,” he noted.