Published Jan 28, 2020
WRITTEN BY THE KIUWAN TEAM
Experienced developers, cyber-security experts, ALM consultants, DevOps gurus and some other dangerous species.
Using application security testing (AST) tools has many benefits, for example increasing the speed, efficiency and coverage paths for testing applications. However, there are many reasons why people may feel insecure about using tools that scan code “in the cloud”. On the other hand, fully on-premises tools can be heavy on resources and slow.
We would like to offer some food for thought: have you ever considered a hybrid solution?
Why AST tools?
According to Carnegie Mellon University’s Software Engineering Institute blog, “the major motivation for using AST tools is that manual code reviews and traditional test plans are time-consuming, and new vulnerabilities are continuously being introduced or discovered.”
Furthermore, there are many domains where the use of AST tools is mandatory due to regulatory and compliance directives. If you want to defend against people who want to compromise your systems, you need to protect those systems and keep pace with the attackers.
Using AST tools increases the speed, efficiency and coverage paths for testing applications. These tools are also versatile and scalable: not only do they find vulnerabilities, issues, and weaknesses, but they can also classify their findings and be used in remediation workflows.
During the past several years, DevOps has not only grown as a term but has also been implemented all around the world in different types of companies. From software houses and small shops to banks and ride- and food-sharing companies, the speed at which you develop and deploy code is your lifeline. Yet there is something slowing everyone down… SECURITY. How do I scale productivity while staying secure and keeping costs down?
The appeal of on-premises scanning vs. “in the cloud”
On-premises application security testing is appealing because it feels more secure to keep our code in-house rather than scanning it “in the cloud.” But on-premises scanning can also be slow, hard to scale and expensive.
So why do people still prefer on-premises security tools?
Many companies prefer to manage their own security and are wary of trusting cloud solutions. There can be various sound reasons for this, for example when companies are subject to strict regulations and don’t want to expose their data in the cloud. It could also be due to legacy tools that do not allow for “more modern” cloud solutions.
“I don’t want my code to leave my company and especially have it in ‘your’ cloud.”
When do you compromise that feeling of security for scalability? Is it possible to keep your code inside your walls and scale without significantly increasing your costs?
What about a hybrid solution?
There is a solution! A hybrid approach would allow you to:
- Keep your code within your control and scan at speeds no on-prem solution can offer.
- Scale with parallel scanning, so your developers won’t have to worry about bottlenecks and getting in line to scan.
- Avoid compiling, uploading code, or even downloading results.
- Stop worrying about tool updates, infrastructure changes and maintenance costs.
There is more and more demand for a hybrid solution between on-premises and cloud. It makes it possible for companies to meet their security regulations by adopting a local AST environment while keeping the benefits and flexibility of cloud security solutions.
Kiuwan’s hybrid solution
Kiuwan’s hybrid solution will allow you to have the peace of mind of an on-prem solution while offering you the speed and agility of SaaS.
Ask us for a trial today and see for yourself.