The overwhelming majority of enterprises (92.0%) have some software development resources in house, which they use for developing their own applications; 44.5% of enterprises rely entirely on internal development teams and another 47.5% rely on a mix of internal development teams and outsourced developers. A small number (5.5%) of enterprises rely entirely on outsourced development and have no in-house developers. Whether developers are internal or outsourced, some enterprises map developers to specific applications for the life of the application while others fluidly move a pool of developers between different apps.

Within an enterprise, not everyone is aware of applications being developed and deployed. IT administrators have the highest awareness of the breadth of custom applications, followed by devops professionals. IT security professionals are only aware of 38.4% of the applications known to IT administrators. This means that IT security teams are involved in fewer than half of these applications to ensure corporate data is protected against threats. Rather than security being a barrier to development, it appears development is occurring without involvement from security.

Increasingly, custom applications are moving from the corporate datacenter to the cloud. Today, 39.1% of applications are deployed in the public cloud, private cloud, or a hybrid of both. That number is expected to grow to 53.8% in the next twelve months as new applications are deployed in the cloud and existing application migrate to the cloud. The public cloud is already the most popular flavor of cloud, and by the end of this year it’s expected that more than one third of applications will be deployed in the public cloud.

Threats to applications deployed in the cloud

In a cyber attack on the company Code Spaces, whose principal product was a code repository application on AWS, hackers gained access credentials for the company’s AWS console and held their application and data hostage for a ransom. When Code Spaces did not comply, attackers permanently deleted its customers’ data along with backups of that data maintained within the same AWS account. The attack was so devastating that it resulted in Code Spaces going out of business. It is an attack that did not compromise the integrity of the AWS platform, but rather an account password, which can easily be stolen via a phishing attack.

When asked about the greatest threats to applications running in the public cloud, the single most common response (66.5% of IT professionals) was sensitive data uploaded to the cloud. Some organizations have regulatory compliance and data residency requirements that can prevent them from uploading data to a cloud environment. That’s followed closely by third-party account compromise (56.9% of IT professionals) like the one that shut down Code Spaces. Another concern is that applications in the public cloud make it easy to access sensitive data from BYOD devices with 40.1% of respondents concerned about users downloading this data to unmanaged personal devices lacking endpoint security controls.