Application Security in the Changing Risk Landscape: The Ponemon Report

Mike Convertino
Published August 22, 2016

I’m pleased to share our first annual State of Application Security report. Conducted in partnership with the Ponemon Institute, Application Security in the Changing Risk Landscape surveyed 605 IT and IT security professionals about their approach to protecting applications critical to running their business.

One of the key takeaways of the report is that lack of visibility into the application layer is now the main barrier to achieving a strong application security posture. As a CISO, I need to know everything about the data that flows through those apps: who’s using it, where they’re accessing it from, and what they’re doing with it. And, with more and more applications hosted in the public cloud, managing risk becomes even more challenging.


As it turns out, many security professionals share my concerns. More than half of all survey respondents believe that cloud-based applications increase risk, while 63% of all survey respondents believe that attacks at the application layer are harder to detect—and more difficult to contain—than those at the network layer.

However, 71 percent of security professionals who have integrated DevOps practices into their application development lifecycles say that they have improved security and that it enabled them to respond quickly to vulnerabilities. I believe that DevOps practices can be highly beneficial to application security, as long as security testing is embedded into the automated testing we already do in DevOps, alongside all the functional tests, to ensure that the apps we develop are both functionally robust and secure from the ground up.

I invite you to read the full report to gain insights into what your peers are experiencing, and how the changing landscape of application security is affecting their organizations. It explores the types of incidents they’re experiencing today, the trends that may impact their application security posture in the future, and everything in between—from who owns application risk to how the IT security budget is allocated and the role DevOps can play in improving app security. I hope you find it as interesting as I do.


  • Challenges of achieving a strong application security posture
  • The implications of Shadow IT
  • The changing role of application developers
  • Primary technologies used for securing applications
  • Trends that will weaken or strengthen the state of application security
  • Accountability and the security of applications
  • The impact of mobile and cloud-based applications

Download the report now.

Want to learn even more? Register for our webinar with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, and David Holmes, Security Evangelist at F5, on Tuesday, August 30, 10:00 – 11:00 a.m.