Editor's note: The following is a guest article from Samuel Bocetta, a former Department of Defense security analyst and technical writer focused on network security and open source applications.
The current moment, when governments and companies are struggling to deal with a global pandemic, might seem like a strange one to roll out new development and managerial practices.
However, the huge increase in internet usage seen over the past month means many companies have had to accelerate their business development plans.
Companies around the world are increasing capacity, and others are taking the opportunity to look again at their DevOps processes and build in security from the ground up.
The pandemic and the web
The coronavirus pandemic has already caused huge changes to the way the internet is being used. Web traffic has increased by 25% in many major cities across the world, according to MIT technology review. Vodafone has seen a 50% increase in global network traffic.
Beyond these headline figures, the reasons users are using the web are also changing. Video services are seeing the largest spikes in demand, with more people using the video-conferencing software Zoom in the first two months of 2020 than in all of 2019. Video now accounts for more than half the internet’s traffic, according to an analysis by internet hardware firm Sandvine.
Alongside video conferencing software, tools for remote working are also seeing increased demand. These include workplace collaboration apps but also a plethora of associated services such as cloud accounting software and online marketing automation services.
Many employees are new to working from home and are now demanding quality apps to move their business operations online.
The huge rise in internet usage over the past few months has highlighted longstanding concerns over the security of many of the most-used remote working apps.
More than 90% of organizations report data breaches and the companies that are seeing increased demand at the moment are no exception to this.
Zoom has faced extra scrutiny. The company has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a "privacy disaster," and some have even claimed the video conferencing software is indistinguishable from malware.
The fact users are flocking to relatively immature apps with relatively immature privacy and security policies might initially seem strange.
In recent years, industry has seen an increased consciousness of the importance of data protection among the general public, with more people than ever now using virtual private networks (VPNs) to cloak their data and secure email providers seeing an increase in usage and market share.
In reality, very few users have an open and free choice when it comes to which apps they use to work from home or to keep in touch with their relatives. In most cases, they will simply choose an app that has been decided on by their employer, their friends, or their relatives.
That might make it seem as though the security of these apps need not be strong in order for them to see an increase in market share. But the consequences of poor security in an organization's apps will, eventually, come back to hurt it.
The right time for DevSecOps?
DevSecOps has been around for more than a decade now, but the recent increase in internet and app usage has highlighted the importance of this idea as never before.
Anecdotal evidence suggests these numbers are likely to rise over the next few months — more people using apps means more breaches in security for mobile apps.
As more people use remote working software, the consequences of breaches are likely to rise, and not just in terms of the amount of data compromised in each breach. With companies working remotely, the reputational damage caused by data breaches will also rise.
Implementing new working practices in the face of a global pandemic might seem like a strange idea but it is one that many companies recognize is critical. This will be particularly important for SaaS companies, who are also seeing huge increases in demand because their role as the protectors of corporate data is also likely to increase.
Even for established apps, though, huge numbers of new users will highlight the need to incorporate automated compliance and security checks into existing software.
Many companies are responding to the pandemic by upgrading and updating their infrastructure. Internet giants such as Equinix, which operates 200 data centers around the world, are rushing out upgrades as quickly as possible. Equinix is in the middle of upgrading its traffic capacity from 10 to 100 gigabytes.
The company had planned the work over a year or two, but it is now being done in a few weeks. This is the perfect time to implement DevSecOps, which offers a way to build security into new services from the ground up.
The bottom line
Though the current crisis is certainly exceptional, some analysts have pointed out the changes in web usage it has precipitated might be here to stay.
The post-pandemic world might very well be one based on remote working, and the apps that users download to keep in touch with their relatives will continue to see significant usage after the disease has dissipated.
This means that there are huge potential gains companies that can offer software solutions during the pandemic but with one condition: These solutions will need to be secure.
The cost – both monetary and in terms of reputation – of data breaches is only going to rise, and that means that security needs to be integrated into app development processes.