Application Security, A Key Pillar in the Successful Realization of a Digital Transformation Program
CIOReview

Ronald Martey, Chief Information Security Officer, GCB Bank

Digital transformation has become a buzzword, especially because of the attention organizations all over the world gave to the term in the wake of the COVID pandemic. It is often said that “necessity is the mother of invention,” and during the COVID pandemic period, we all saw how various organizations went the extra mile to still deliver valuable services to their customers amid lockdowns and curfews.

The financial services industry was no exception, as banks especially had to come up with innovative ways to still deliver value to their customers. Banks whose main modus operandi was to service customers using traditional methods (brick and mortar approach) had to quickly get to the drawing board to devise ingenious ways to still provide valuable services to their customers. This led to rapid investments in digital products and services to meet customers’ needs end to end.

Digital transformation involves using digital technology to improve on already existing services. Particularly for financial institutions, digital transformation programs must involve developing innovative products and solutions that are intuitive, secure, and user-friendly.

Application security plays a vital role in any digital transformation program, irrespective of whether products are developed in-house or purchased off the shelf. Here are a few points that organizations must consider from a cybersecurity perspective when embarking on a digital transformation journey.

1. Governance

This covers the institution's application security policy, determining which methodology, such as DevSecOps or a Secure Software Development Lifecycle (SSDLC), best suits the institution, and the recruitment of an Application Security Manager who would own the application security policy and enforce the tenets within it.

2. Tools

Tools such as static application security testing (SAST) and dynamic application security testing (DAST) must be considered in an institution’s digital transformation program. SAST involves technologies designed to check application source code for vulnerabilities. DAST involves analyzing a web application from the front end to find vulnerabilities through simulated attacks. Both solutions help check for vulnerabilities during the various phases of application development.

3. Application Programming Interface (API) Security

According to Gartner, “API abuse will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” APIs are the mechanisms through which multiple applications integrate or “talk to each other.” Care must be taken in integrating institution-owned applications with third-party applications, as this can lead to data breaches. Institutions must adopt API security best practices to ensure the protection of sensitive data between multiple applications, especially third-party applications.

4. Penetration testing

The final lap before an application should be declared fit for use by customers must involve both internal and external penetration testing activities. Penetration testing involves simulating various kinds of attacks against an application to check for exploitable vulnerabilities. Depending on an institution’s maturity levels, an internal penetration testing team or Red team should conduct initial tests in addition to activities to be performed by external penetration teams, especially when an application would be exposed over the internet, as this increases the attack surface.

Security considerations in a digital transformation program build resilience in all products and services associated with the program. Organizations that are not considering security as part of their digital transformation programs are likely to experience operational disruptions, compliance and regulatory failures, and intellectual property theft.
