Key Insights into Gartner Hype Cycle for Application Security

Gartner Hype Cycle started as a graphical representation method for representing the adoption, evolution, and maturity of new emerging technologies. Over time, it has transformed into a highly potent and reliable powerhouse of smart insights into how emerging technologies will evolve. 

Apart from offering insights into the evolution of new and emerging technologies in the coming years, the Hype Cycle also paves the way for intelligent investments in various technologies and market intelligence to choose the best tools for mid-market and enterprises on emerging technologies.

Here, we discuss the key insights from the Gartner Hype Cycle for a crucial technology trend: Application Security Testing (AST).

Let us begin with an introduction to the Gartner Hype Cycle for application security testing.

Introduction to Gartner Hype Cycle for application security

With a "moderate" benefit rating and a 20% to 50% target audience, Application Security Testing, or AST, is one of the most crucial emerging technologies and promising trends. It identifies and helps remediate security vulnerabilities in mobile apps and web apps. 

Mobile and web applications are key integrals of a company's digital transformation. As they interact directly with the company and its customers, they are also the storehouse of highly confidential data. It is essential to check them for security vulnerabilities to ensure they don’t become the entry point for attackers and security failures.

This is vital for the successful digitization of the companies as well. 

Interpreting technology hype

When new and emerging technologies promise better and more diverse feature sets and services, it becomes important to distinguish between the hype and actual commercial viability. 

A classic epitome is the Internet of Things, or IoT, which was touted as the game-changer in the IT technology sector. However, the promises have crumpled many times in the wake of security and commercial viability accidents, and the technology is yet to see its proper transition into a major trend.

Hence, reliable and trustworthy data representation focusing on various verticals is a must. When it comes from a reputed and respect-worthy source, like Gartner, it becomes a focus of discussions for future investments and business agendas.

How do you use Hype Cycles?

The Hype Cycles are used to obtain reliable and actionable insights into evaluating emerging technology's promises. These insights are then used to learn how well these technologies will prove themselves in the context of industry and their risk appetites. 

Technically, the Gartner Hype Cycles help the IT stakeholders to opt for any one of the following three approaches:

• Plan an early adoption of emerging technology and enjoy the benefits of the same
• Plan the investment and technology adoption after a thorough cost/benefit analysis
• Invest in technology once it has matured with assured commercial viability
  
  

How do Hype Cycles work?

The Hype Cycles dive deep into the five key stages of technology's life cycle and deliver intelligent, actionable insights. 

1. Innovation trigger

Technology is trending in the media, but there is no concrete proof of commercial viability and no actual product or service being used.

2. Peak of inflated expectations

Some stakeholders invest, while others don't, depending on the success and failures of the products. 

3. Trough of disillusionment

In this phase, the stakeholders invest only if the developers can improve their products or services. 

4. Gartner Slope of Enlightenment

The technology shows actual results, and companies use better and upgraded versions.

5. Plateau of productivity

The technology proves worth its salt, and mainstream adoption starts on a large scale. 

How do the Hype Cycles help?

The Hype Cycles help you by:

• Understanding the commercial viability of new technology by separating it from all the hype
• Plan better and smarter investments based on risk analysis
• Evaluate your beliefs and understanding of the technology against the objective evaluation of IT experts and analysts. 

The priority matrix

Off The Hype Cycle

1. Cloud security access broker (CASB)

The innovation profile subsumes CASB, as it is included in many secure service edge platforms.

2. Mobile threat defense (MTD)

Web application client-side security and application shielding are more application-focused and have, thus, replaced MTD.

3. Runtime application self-protection (RASP)

Gartner has removed RASP from this year's Hype Cycle.

Climbing the slope - mobile application security testing

1. Introduction

While the AST techniques remain the same, they must be optimized and adapted to mobile device environments and extensively agile mobile development technologies for Android and iOS. 

Further, mobile AST also has a huge business impact, which we discuss below.

2. Business impact

Mobile AST is used by the security and application departments or other departments that directly impact business revenue and brand positioning.

With the increase in the popularity of mobile and web apps, the number of businesses and industries using these apps has considerably increased. Mobile application cybersecurity is equally important. You can try Appknox's mobile application security testing. Among the other users, the financial, healthcare, and service sectors also employ the mobile AST to secure their apps. 

The vulnerability risks for these sectors are even higher. When we consider government institutions, the stakes become too enormous to be left at the mercy of average AST technologies. 

Hence, be it an investment, simple purchase, or even the development of Mobile AST, the Gartner Hype Cycle is one reliable stat that invokes smart decision-making capabilities from reliable data and trends.

3. Drivers

The techniques used in Mobile AST are similar to the traditional AST techniques adapted for mobile environments. This similarity and the specific focus on vulnerabilities affecting mobile apps are the major drivers.

Companies that are already using traditional AST for apps are seeking technologies that can rapidly and reliably discover vulnerabilities. In addition to these characteristics, the companies wish for these technologies to be less complex and more cost-efficient than the traditional comprehensive AST suite. 

Mobile AST focuses on specific app vulnerabilities, such as man-in-the-middle attacks, hard-coded credentials, malicious code, and excessive device permissions. 

This is one of the crucial benefits as Operations support system (OSS) components and SDKs are used with mobile apps frequently, and testing the third-party code becomes a must!

4. Obstacles

The mobile AST techniques, namely - Static AST (SAST), Dynamic AST (DAST), Interactive AST (IAST), and Software Composition Analysis (SCA) are being used for years and are matured. 

On the other hand, the mobile AST itself is still far from its maturity, and the mobile platforms are still evolving. Further, mobile app testing is yet to adapt itself to the mobile environments and enable reliable testing for all client- and server-side codes.

Many organizations still use less advanced AST and are not ready for mobile AST. They focus on the back end and consider mobile app code less of a priority for inclusion in the AST programs.

5. User recommendations 

Users must perform mobile AST, especially for apps that run on untrusted environments, such as those with software logic running on the client's side. Apps with transactional or IP value must also be subjected to mobile AST. 

Leverage the new mobile AST offerings from the traditional AST vendors as a part of a larger enterprise suite.

If you don't have such vendors, proactively look for dedicated mobile AST vendors.

Ensure that your vendors working with third-party developers perform mobile AST on their apps and provide timely reports with proper findings and corrective actions taken. 

Appknox named a vendor in the Gartner Hype Cycle for application security

Appknox has been named as one of the preferred vendors for mobile AST in the 2021 Gartner Hype Cycle report. We offer highly comprehensive and smart real-time DAST and many other security offerings for mobile apps (Android and iOS). Appknox has also joined the ioXT Alliance and is on its way to being an authorized lab for the same.

Offering impeccable products and services for security and vulnerability assessment, Appknox is one of the most commendable and reliable security solutions providers, having earned the trust of Gartner and G2 as well. 

Mobile AST: the road ahead

Maintaining application security will become more complex as the number of applications that organizations use increases. Security and risk management leaders not only have to adopt a system view but also need to focus on mobilizing multiple app security innovations.