
Application Security, A Key Pillar in the Successful Realization of a Digital Transformation Program


Ronald Martey, Chief Information Security Officer, GCB Bank
Digital transformation has become a buzzword, especially because of the attention organizations all over the world gave to the term in the wake of the COVID pandemic. It is often said that “necessity is the mother of invention,” and during the COVID pandemic, we all saw how various organizations went the extra mile to keep delivering valuable services to their customers amid lockdowns and curfews.
The financial services industry was no exception, as banks especially had to come up with innovative ways to keep delivering value to their customers. Banks whose main modus operandi was to service customers using traditional methods (the brick-and-mortar approach) had to quickly go back to the drawing board to devise ingenious ways to keep providing valuable services to their customers. This led to rapid investments in digital products and services to meet customers’ needs end to end.
Digital transformation involves using digital technology to improve on already existing services. Particularly for financial institutions, digital transformation programs must involve developing innovative products and solutions that are intuitive, secure, and user-friendly.
Application security plays a vital role in any digital transformation program, irrespective of whether products are developed in-house or purchased off the shelf. Here are a few points that organizations must consider, from a cybersecurity perspective, when embarking on a digital transformation journey.
1. Governance
This covers the institution's application security policy, determining which methodology, such as DevSecOps or a Secure Software Development Lifecycle (SSDLC), best suits the institution, and recruiting an Application Security Manager who would own the application security policy and enforce the tenets within it.
2. Tools
Tools such as static application security testing (SAST) and dynamic application security testing (DAST) must be considered in an institution’s digital transformation program. SAST involves technologies designed to check application source code for vulnerabilities. DAST involves analyzing a web application from the front end to find vulnerabilities through simulated attacks. Both solutions help check for vulnerabilities during the various phases of application development.
3. Application Programming Interface (API) Security
According to Gartner, “API abuse will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” APIs are the mechanisms through which multiple applications integrate or “talk to each other.” Care must be taken when integrating institution-owned applications with third-party applications, as this can lead to data breaches. Institutions must adopt API security best practices to protect sensitive data exchanged between multiple applications, especially third-party applications.
4. Penetration testing
Security considerations in a digital transformation program build resilience in all products and services associated with the program. Organizations that are not considering security as part of their digital transformation programs are likely to experience operational disruptions, compliance and regulatory failures, and intellectual property theft.