Dhaval Gupta & Soma Tah
Technology has become the centerpiece of the almost every business strategy today, and hence, no matter what industry verticals the businesses are in- they are invariably becoming a software-powered business. As businesses start to deliver services and goods to the customer through software and software apps, the developers start reeling under the pressure to deliver applications more frequently and faster than ever before. And as this happens, security woes due to software design mistakes also deepen further.
Here are some staggering numbers to confirm this. Security threats due to software and code issues are a growing concern indeed, admitted 74 percent of respondents in the recently published CA Veracode’s State of Software Security Survey Report. Vulnerabilities also continue to crop up in previously untested software at an alarming rate, with 77 percent of apps having at least one vulnerability on the initial scan.
In light of these study findings, CIOL spoke to Ayman Sayed, President and the Chief Product Officer at CA Technologies to know how DevSecOps come to the rescue and enable organizations with faster time to market without compromising on security, his take on India market, and more.
Security often used to be an afterthought in the software development lifecycle. What's causing the 'shift left' then?
As businesses started embracing the modern software factory, they quickly realize that they need to stop considering security as an afterthought and do a shift left. Finding a defect earlier in the software development lifecycle is far more effective and significantly cheaper than waking up minutes before they go into production. On the one hand, you have a time constraint to do so, and that may incur you a prohibitively expensive cost as well on the other hand.
Agile and DevOps sped up the application software development lifecycle, by allowing us to build applications faster, to iterate quickly, to speed up the kinetics of putting them into production as there is no time to go and do the testing afterward. Now by integrating security into the software development lifecycle, DevSecOps enables businesses to build more resilient software that's more resistant to cyber attacks.
How responsive are Indian businesses to DevSecOps?
We see India as a microcosm in many ways including the approach to security. For example, the banking system regulator, Reserve Bank of India, last year, came up with a cybersecurity policy and framework for all the banks in India- making it mandatory for the banks to secure all the apps -whether developed internally or developed collaboratively with other partners.
This is the where we feel the 'shift left' is essentially happening. As a matter of fact, close to 86 percent of the Indian businesses are saying that their security approach has moved from the pre-production stage to be an integral part of every phase of the software development lifecycle.
These initiatives are gaining a lot of visibility and driving innovation in both processes and the cultural norms of doing it. Security has become a responsibility for everybody in the software development lifecycle. So whether you are an application developer or an application owner, the IT department or the line of business, they all have a role to play in security.
Is the growing affinity of businesses towards Artificial Intelligence and Machine Learning impacting the software development processes and practices anyway?
It is no secret that finding skilled software designers and skilled IT talents are quite difficult to acquire. Therefore, the more we use these intelligent technologies, the more we would be able to augment the skill sets. If you look at CA Technologies and how we are transforming our solution portfolio, you can see that we have applied machine learning, predictive analytics, and artificial intelligence in every single part of our portfolio so that our customers can augment the key valuable skillsets of their resources. These technologies can help us identify the scenarios where we might have a bottleneck or performance issue and then proactively act to prevent any possible slowdown or application outage.
How the 'Modern Software Factory' approach has impacted the CA product portfolio so far?
If you look at our portfolio today and the businesses we are in, it is very different from where we were five years ago. We have transformed our portfolio with a focus on four key objectives: Agile, DevOps, Security and applying these on every platform from mainframe to mobile. We are enriching our portfolio primarily through organic innovation and augmenting it through strategic acquisitions as well. More than half of our revenues now come from our new products and the rapidly growing products from our key focus areas.
Is any particular sector leading the way for CA Technologies' growth?
We have a long heritage of working with large enterprise customers across multiple segments. We are deeply penetrated in banking and financial services- we work with 48 out of the 50 large banks in the world. We work with almost all the major insurance companies. We do a lot of business with healthcare providers, as well as with retail, media & entertainment and manufacturing. Because of the breadth of our portfolio and our enterprise-wide capabilities, we are able to support our customers from the planning, building, testing, releasing applications to support and manage them too.
How crucial is India market for you in terms of growth?
India is a key focus market for us. The Indian economy is undergoing an amazing transformation journey with a 6X growth in GDP in the period of last two decades. In addition to the progressive policies laid out by the government, an increasingly digital mindset embraced by the businesses have helped in creating a great business environment here. We are also investing a lot on hiring fresh talent and professionals in India.
The large-scale products as well the leading-edge innovations that we invest here a lot are generating a good amount of revenues for CA. Some of our most advanced technology and predictive analytics solutions are driven out of India Technology Centre(ITC). For example, our payment security business is driven out of ITC. The technology showcases we see at our internal demo sessions are extremely promising. I am excited about the potential. I look forward to a number of product announcements from ITC and also expect to see a lot more product showcase from ITC in the next CA World, the annual flagship event of the company.