The latest trend on the rise in the security market has solution providers and vendors making investments to position themselves to help customers secure their applications.
Andrew Howard, CTO of Switzerland-based Kudelski Security, said a growing threat landscape and an expanding application footprint have laid the groundwork for increased demand for web and application security.
"We're absolutely seeing growth in that area," Howard said.
Application security has always been on customers' radar but seems to be moving up the priority list, according to Howard, who added that it is now one of the top five security priorities for most chief information security officers. CISOs are looking to move beyond application security as a compliance checkbox, launching full application security teams and looking to boost their capabilities around securing applications, he said.
That's a trend that wasn't there a year ago, said Jane Wright, principal analyst at Technology Business Research. However, in the past nine months or so, she said the conversation has shifted and customers are looking to invest in application security, particularly around web and email applications. Driving that shift is a rise in ransomware, the move to cloud-based applications and more customization capabilities.
That uptick in application security investment is showing, Wright said. According to TBR research, 17 of the companies covered by the firm have significant application security offerings. Those offerings grew revenue at those companies 19 percent from the second half of 2015 to the second half of 2016, significantly higher than the 11 percent the security market grew overall, she said.
"It is outpacing the market. … It's really picking up," Wright said.
Doug Cahill, senior analyst at Enterprise Strategy Group, said he sees a couple of factors driving the focus on application security. First, he said there is an increased use of Agile software development and DevOps, which is allowing for more conversations around how to streamline security into the development process. That is only accelerated with increased adoption of the cloud, he said.
"I think there's awareness of the fact that we're in an application economy and that code has to be secure. Code is everything, so code has to be secure. … Application security just makes so much sense. … It's fundamentally about moving security upstream," Cahill said.
After the development process, there are more opportunities around application security, including dynamic security testing, virtual patching and web application firewalls, he added.