The Gartner Hype Cycle started as a graphical method to represent the adoption, evolution, and maturity of new emerging technologies. Over time, it has transformed into a highly potent and reliable powerhouse of smart insights into how emerging technologies will evolve in the future.
Apart from offering insights into the evolution of new and emerging technologies in the coming years, the Hype Cycle also paves the way for smart investments in various technologies and provides market intelligence for choosing the best tools for mid-market companies and enterprises.
Here, we discuss the key insights from the Gartner Hype Cycle for a highly crucial technology trend: Application Security Testing, or AST.
Let us begin with an introduction to the 2021 Gartner Hype Cycle for AST.
Introduction to Gartner Hype Cycle for Application Security 2021
With a "moderate" benefit rating, and a 20% to 50% target audience, Application Security Testing, or AST, is one of the most crucial emerging technologies and one of the most promising trends. It identifies and helps remediate security vulnerabilities in mobile apps and web apps.
Mobile and web applications are integral to the digital transformation of a company. As they interact directly with the company and its customers, they are also the storehouse of highly confidential data. To ensure that they don’t become the entry point for attackers and security failures, it is important to check them for security vulnerabilities.
This is vital for the successful digitization of the companies as well.
Interpreting Technology Hype
When new and emerging technologies promise better and more diverse feature sets and services, it becomes important to distinguish between the hype and actual commercial viability.
A classic example is the Internet of Things, or IoT, which was touted as the game-changer in the IT sector. However, the promises have crumbled many times in the wake of security and commercial viability setbacks, and the technology is yet to see its proper transition into a major trend.
Hence, having a reliable and trustworthy data representation focusing on various verticals is a must. And when it comes from a reputed and respected source like Gartner, it becomes a focus of discussions for future investments and business agendas.
How Do You Use Hype Cycles?
The Hype Cycles are used to get reliable and actionable insights into the evaluation of the promises made by emerging technology. These insights are then used to learn how well these technologies are going to prove themselves in the context of industry and their risk appetites.
Technically, the Gartner Hype Cycles help IT stakeholders opt for one of the following three approaches:
- Plan an early adoption of emerging technology and enjoy the benefits of the same
- Plan the investment and technology adoption after a thorough cost/benefit analysis
- Invest in technology once it has matured with assured commercial viability
How Do Hype Cycles Work?
The Hype Cycles dive deep into the 5 key stages of the life cycle of technology and deliver smart and actionable insights.
1) Innovation Trigger
A technology is trending in the media while there is no concrete proof of commercial viability and no actual product or service to be used.
2) Peak of Inflated Expectations
Some stakeholders invest, while others don't, depending on the success and failures of the products.
3) Trough of Disillusionment
In this phase, the stakeholders invest only if the developers are able to improve their products or services.
4) Slope of Enlightenment
The technology starts showing actual results and companies start using the better and upgraded versions.
5) Plateau of Productivity
The technology proves worth its salt and mainstream adoption starts on a large scale.
How Do the Hype Cycles Help?
The Hype Cycles help you:
- Understand the commercial viability of new technology by separating it from all the hype
- Plan better and smarter investments based on the risk analysis
- Evaluate your beliefs and understanding of the technology against the objective evaluation of IT experts and analysts
The Priority Matrix
Off The Hype Cycle
1) Cloud access security broker (CASB)
The innovation profile subsumes CASB, as it is included in many secure service edge platforms.
2) Mobile threat defense (MTD)
Web application client-side security and application shielding are more application-focused, and have thus replaced MTD.
3) Runtime application self-protection (RASP)
Gartner has removed RASP from this year's Hype Cycle.
Climbing the Slope - Mobile Application Security Testing
While the AST techniques remain the same, they have to be optimized and adapted to mobile device environments and to the extensively agile mobile development technologies for both Android and iOS.
Further, mobile AST has a huge business impact as well, which we discuss below.
2. Business Impacts
Mobile AST is used by the security and application departments, or by other departments that directly affect business revenue and brand positioning.
With the increase in the popularity of mobile apps and web apps, the number of businesses and industries using these apps has considerably increased. Among other users, the financial, healthcare, and service sectors are also employing mobile AST to secure their apps.
The vulnerability risks for these sectors are even higher. And when we bring government institutions into the picture, we realize that the stakes become too enormous to be left at the mercy of average AST technologies.
Hence, whether you are investing in, purchasing, or developing mobile AST, the Gartner Hype Cycle is a reliable reference that supports smart decision-making based on reliable data and trends.
The techniques used in Mobile AST are similar to the traditional AST techniques adapted for mobile environments. This similarity and the specific focus on vulnerabilities affecting mobile apps are the major drivers.
Companies that are already using traditional AST for apps are seeking technologies for the rapid and reliable discovery of vulnerabilities. Beyond that, they want these technologies to be less complex and more cost-efficient than the traditional comprehensive AST suite.
Mobile AST focuses on specific app vulnerabilities, such as man-in-the-middle attacks, hard-coded credentials, malicious code, and excessive device permissions.
This is one of the crucial benefits, as open-source software (OSS) components and SDKs are frequently used in mobile apps, and testing the third-party code becomes a must!
The techniques used in mobile AST, namely Static AST (SAST), Dynamic AST (DAST), Interactive AST (IAST), and Software Composition Analysis (SCA), have been in use for years and are mature.
On the other hand, mobile AST itself is still far from maturity, and the mobile platforms are still evolving. Further, mobile app testing is yet to adapt itself to mobile environments and enable reliable testing for all client-side and server-side code.
Many organizations are still using less advanced AST and are not ready for mobile AST. They place the major focus on the back end and consider mobile app code less of a priority for inclusion in their AST programs.
5. User Recommendations
Users must perform mobile AST, especially for apps that run in untrusted environments, such as those that have software logic running on the client side. Apps with transactional or IP value must also be subjected to mobile AST.
Leverage the new mobile AST offerings from the traditional AST vendors as a part of a larger enterprise suite.
If you don't have such vendors, proactively look for dedicated mobile AST vendors.
Ensure that your vendors working with third-party developers perform mobile AST on their apps, and provide timely reports with proper findings and corrective actions taken.
Appknox Has Been Named a Vendor In Gartner Hype Cycle For Application Security 2021
Appknox has been named as one of the preferred vendors for mobile AST in the 2021 Gartner Hype Cycle report. We offer highly comprehensive and smart real-time DAST and many other security offerings for mobile apps (Android and iOS). Appknox has also joined the ioXT Alliance and is on its way to being an authorized lab for the same.
Offering impeccable products and services for security and vulnerability assessment, Appknox is one of the most commendable and reliable security solutions providers and has earned trust from Gartner and G2 as well.
Mobile AST: The Road Ahead
Maintaining application security will become more and more complex as the number of applications that organizations use increases. Security and risk management leaders not only have to adopt a system view but also need to focus on mobilizing multiple app security innovations.