Prioritising risks to make technology fail-safe

By Kavita Viswanath, General Manager, JFrog India

India has defied the global economic recession; the country’s GDP growth in 2022, at roughly seven percent, reflects the resilience of our fast-growing economy. With approximately 35,000 tech firms and 27,000 tech start-ups, employing around 5.4M people, the Indian technology industry is playing a pivotal role in powering the Indian economy.

Technology adoption is also skyrocketing. At the beginning of 2023, India recorded around 692 million internet users, with around 1.10 billion cellular mobile connections active during that period. By 2027, the number of e-commerce users is expected to reach ~1000 million. One of the key digital technologies – cloud computing – is expected to account for eight percent of India’s GDP by 2026. Indian citizens saw how technology became a key enabler during the pandemic with innovations such as Aarogya Setu – a ‘COVID-19 contact tracing, syndromic mapping and self-assessment’ digital app. Other government apps that are making our lives so much easier include the mAadhaar App and the mPassport Seva App.

The Challenges of Tech Adoption

However, there is a flip side to this rapid technology adoption – organisations are increasingly finding it difficult to ensure comprehensive security for software solutions delivered and deployed. Indeed, today’s software developers are tasked with a lot more than just coding. To keep up with the fast-paced software-driven economy, they need to focus on automation, collaboration, security, distribution, data analysis, and agility to ensure quality builds and get releases to customers quickly and securely.

A critical threat is the risk posed by inherited software supply chain exposures. A supply chain attack, also referred to as a value-chain or third-party attack, happens when an organisation’s system is infiltrated through an outside partner or provider who has access to its systems and data. With the digitalisation of workflows, more and more suppliers and service providers are touching sensitive data, drastically increasing and changing the attack surface of an enterprise. As per Verizon’s 2022 Data Breach Investigations Report, supply chain attacks have been responsible for 62% of system intrusion incidents, with many organisations unprepared to deal with them. Another global study, conducted by Venafi, found that of 1,000 CIOs interviewed, 82% believed their organisations to be susceptible to software supply chain attacks.

As a result, organisations struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage. With more opportunities than ever for cybercriminals to exploit product software security vulnerabilities, manufacturers, vendors, device deployers, and end users face the distressing consequences of a lack of security hygiene in software. To defend against sophisticated cyberattacks, it is essential to secure software across the lifecycle.

Identification and Prioritisation of Risks is Key

Earlier this year, JFrog launched the 2023 Security Research Report, an in-depth analysis of the top 10 most prevalent vulnerabilities of 2022-23, their severity level, and best practices for reducing the potential impact of each.

The #1 Common Vulnerabilities and Exposures (CVE) risk identified was the growing dependency on open-source code, and how organisations need to track the exponential increase in open-source components. A recommendation was for organisations to adopt a Software Composition Analysis (SCA) solution that allows secure risk management of open-source use throughout the software supply chain. This will enable:

a) An accurate Software Bill of Materials (SBOM) to help security professionals and developers better understand the components used in applications and gain insight into potential security and licensing issues.
b) Identification and tracking of all open source to factor in extensive software supply chains including partners, third-party suppliers, and other open-source projects.
c) Setting and enforcing policies to respond to license compliance and security events across the company.
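As an added illustration of points a) to c) (example code written for this edit, not JFrog’s or Xray’s), the script below reads a constructed CycloneDX-style SBOM and flags components that violate a hypothetical licence policy or sit below a hypothetical advisory’s fixed version; every component name, version, licence id and advisory id here is made up.

```python
"""Policy check over a CycloneDX-style SBOM (added example, constructed data)."""
import json

# Constructed SBOM fragment in CycloneDX JSON layout; component names,
# versions and licences are made up for illustration.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.3.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-yaml", "version": "1.9.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "example-crypto", "version": "0.8.2",
     "licenses": []}
  ]
}"""

# Constructed policy: licences the organisation does not accept in shipped code,
# and a hypothetical advisory feed keyed by package name with its fixed version.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}
ADVISORIES = {"example-yaml": {"id": "ADV-PLACEHOLDER-1", "fixed_in": "1.9.4"}}

def version_tuple(v):
    """Turn '1.9.0' into (1, 9, 0) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split("."))

def check_sbom(sbom_text, denied=DENIED_LICENSES, advisories=ADVISORIES):
    """Return one (component, category, detail) finding per policy violation."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        name, version = comp["name"], comp["version"]
        licenses = {e.get("license", {}).get("id", "") for e in comp.get("licenses", [])}
        licenses.discard("")
        if not licenses:  # unknown licence is itself a compliance event
            findings.append((name, "license", "no license declared"))
        for lic in licenses & denied:
            findings.append((name, "license", f"denied license {lic}"))
        adv = advisories.get(name)
        if adv and version_tuple(version) < version_tuple(adv["fixed_in"]):
            findings.append((name, "vulnerability",
                             f"{adv['id']} affects {version}, fixed in {adv['fixed_in']}"))
    return findings

if __name__ == "__main__":
    for finding in check_sbom(SBOM_JSON):
        print(*finding, sep=" | ")
```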

An effective SCA tool such as JFrog Xray, as part of the Advanced Security solution, allows organisations to achieve a quicker, safer time-to-market and faster, relevant innovation, and to eliminate unknown business risks. It helps to address common enterprise challenges such as Infrastructure as Code (IaC) security, keeping cloud deployments safe and secure, secrets detection for exposed keys and credentials, and service misconfiguration. It safeguards software delivery from source to edge in a unified software supply chain platform, ensuring that the software is designed from the get-go with the latest innovations in security.

Such a tool provides DevOps and Security professionals with a centralised system of records to ensure visibility across the business, allowing developers to get back to doing what they do best – writing great code that delivers innovative solutions to the end customer.
