Next-Generation Application Security Platform

The platform minimizes tooling and alerts while maximizing agility, efficiency, and cost-effectiveness.



I had the opportunity to speak with Nikhil Gupta, co-founder and CEO of ArmorCode, a new platform designed to help companies take control of increasingly complicated application security environments by consolidating AppSec and DevSecOps tooling.


The ArmorCode application security platform offers consolidated application security posture management, DevSecOps orchestration, and continuous compliance. Early-adopter enterprises are using ArmorCode to consolidate application security tooling, streamline application security processes, increase business agility, and improve developer productivity.


Application Development Evolution


Application development has evolved over the past 20 years: from waterfall development methodologies to agile, and from monolithic applications written in a single language to microservices written in many languages. It has also seen prolific use of open-source software, with its dependencies and vulnerabilities.



“Application development has changed from waterfall to agile development and from monolithic application architecture to microservices delivered at the edge. Once-a-year compliance is no longer sufficient as releases are done on a weekly or even daily cadence. However, application security and compliance tools haven’t kept up,” said Teza Mukkavilli, Chief Security Officer at ChargePoint, an ArmorCode customer. “My team was able to onboard the ArmorCode platform in less than 15 minutes and saw tremendous time to value.”

ArmorCode was co-founded in July 2020 by CEO Nikhil Gupta, a former VMware and Cisco executive, who is best known for founding Avid Secure, an AI-powered enterprise cloud security posture management company acquired by Sophos. The company's goal is to help organizations take charge of increasingly complicated application security environments. According to Gartner, application security is one of the top three fastest-growing segments within cybersecurity.

“We have received consistent feedback from the CISO group of our CXO Advisory Board that they are overwhelmed by the volume and complexity of application security alerts,” said Mark Fernandes, Managing Partner, Sierra Ventures, who has invested in many successful security companies like Sourcefire and RedLock. “ArmorCode is the most comprehensive solution in the space and the founding team has relevant startup experience to tackle this significant problem. The rapid early bottoms-up customer adoption is validating our thesis.”

Tool Sprawl


The transition to agile development, the rise of microservices, and an increased reliance on cloud services for business operations due to the pandemic have contributed to an explosion in software development and a dramatic reduction in software delivery time. As the speed and complexity of application development skyrocket, application security professionals increasingly find themselves unable to keep up. Many are forced to piece together security tools as stopgaps.


Application security processes and tools are dated. There is a 1:100 AppSec engineer-to-developer ratio, a glut of AppSec tools, and manual processes using Excel sheets for security approvals, prioritization, and triage.


Gartner recently found that “78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio and 12% have 46 or more. Too many security vendors result in complex security operations and increased security headcount. Most organizations recognize vendor consolidation as an avenue for reduced costs and better security, with 80% of organizations interested in a vendor consolidation strategy.”


An operating system that connects and integrates AppSec and collaboration tools results in better, faster, future-proof application development, in which tools can be exchanged using workflow automation without disrupting established business processes. AppSec, CI/CD, and workflow automation enable automatic SLAs for speed, accuracy, and compliance.


Cybersecurity


In addition, cybercrime is increasing partly due to the pandemic: a global survey of 1,000 CXOs revealed that 90% experienced an increase in cyberattacks due to the pandemic and 93% said they were forced to delay key security projects in order to manage the transition to remote work. Cybersecurity Ventures predicts cybercrime damages will total $6 trillion globally in 2021 — or $190,000 every second — and will grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025.


The ArmorCode API-driven platform provides a seamless DevSecOps workflow that enables collaboration between developers and AppSec engineers. More than 60 integrations across AppSec, CI/CD, collaboration, and infrastructure security tools let them work hand-in-hand to address security issues early in the development lifecycle while producing secure code in an agile environment.


Features and Benefits


ArmorCode is a next-generation application security platform that consolidates three key AppSec needs into a single intelligent platform that minimizes tooling and alerts while maximizing agility, efficiency, and cost-effectiveness.


The ArmorCode platform includes:

  • Application Security Posture Management

      • Simplifies AppSec operations by providing a centralized view of all security findings across application and infrastructure security and enables a streamlined CI/CD pipeline

      • Reduces the risk of security incidents by as much as 50% by normalizing, prioritizing, and correlating findings across various AppSec and infrastructure security tools

  • DevSecOps Orchestration

      • Offers a seamless DevSecOps workflow that fosters tighter collaboration between developers and AppSec engineers with 60+ integrations across leading AppSec, CI/CD, collaboration, and infrastructure security tools

  • Continuous Compliance

      • Out-of-the-box industry-standard compliances including SOC2, GDPR, FedRAMP, and OWASP Top 10, among others

      • Continuous evaluation of application security controls and relevant security standards

“While software development releases have shrunk from years to hours, enterprise application security processes are still slow, antiquated, and chaotic. ArmorCode has designed a massively scalable agentless platform from the ground up to help modernize application security,” said Nikhil.


The platform is projected to increase developer productivity by 50% while reducing compliance costs by 86%, DevSecOps orchestration costs by 92%, and AppSec posture management costs by 73%.