By Chris Leffel

Applications are a key piece of the digital transformation puzzle. They are also a moving target, as many organizations move current mission-critical apps to the cloud, while developing new ones, while working to keep them all updated and secure without enough skilled hands to manage it – all while cybercriminals wage war. You see, applications are a cybercriminal’s favorite target. In fact, according to a recent report, web and mobile application attacks have spiked, accounting for 67% of all attacks as remote access becomes a common vulnerability. Basically, the remote work environment has been a field day for threat actors. You can bet that cybercriminals are innovating and scaling as we speak, making application security more important than ever.

The state of application security is rapidly changing, and businesses must transform accordingly. We’re seeing five trends in app development that make security more challenging.

5 challenging app sec dev trends

The speed of change: The pace of software releases has increased dramatically. Not so long ago, a major software release was every year or two – every six months if a company was really pushing the envelope. Now, in some cases, companies are pushing thousands of changes to an app each day. Some organizations are targeting an hour-long development cycle, instead of a months-long one. Security can take a back seat to quickly going to market with new features.

New ways to build: In the past, software was built to be monolithic and server-based, where development teams would write a bunch of code that would sit on a server that interacted with web browsers.

But in recent years, companies are breaking up these huge pieces of software and turning them into collections of cloud-native containers, strung together with application programming interfaces, or APIs. The new app development model is focused on microservices that are then packaged together to create a full-featured app package. This can create a wider attack surface where one vulnerability in one microservice can give attackers a foothold or access to customer data.

Tearing down walls: For several years, organizations have been moving from separate software development and operations teams to combined DevOps teams, and that trend is accelerating during the age of apps. As part of the move to DevOps, organizations are moving to an infrastructure-as-code model, with configuration files created that contain a company’s infrastructure specifications, making it easier to change configurations.

Organizations are no longer putting code on servers but instead are writing infrastructure code that automatically spins up the number of servers they need and deploys their code on them.

There are a lot of good reasons to move to the DevOps model, but its focus on a continuous development cycle – and rapidly changing infrastructure configurations – also creates challenges for the security team.

Outdated skills: Development technologies are outpacing the knowledge of security teams. Security professionals not only need to learn about new development techniques like microservices, but many companies are operating in multiple cloud environments, with each cloud having its own security idiosyncrasies. Many companies also use multiple container platforms, each with its own security model.

Security professionals have a difficult time staying current with all the development techniques and environments their companies are using. There is literally an unreasonable number of things changing all the time for a security professional to keep up with.

A new voice: In addition, development teams are gaining more of a voice in security issues. In many ways, that’s a positive change, but it can create tension between traditional security professionals and developers who want to release apps quickly. Developers, often with pressure from company executives to increase revenue, are frequently pushing for speed, while security teams are often pushing back to protect the company and its assets.

What’s next

These trends will only intensify. Companies now building their revenue streams with dozens of rapidly developed apps should consider approaching app security differently. The Modern AppSec Framework delivers a functional plan that organizations can use to develop and deliver secure applications, regardless of where they are in their security or application development journey. More on how to modernize your approach to application security can be found in our white paper here.