An expanding workforce of less-experienced developers requires tools with enhanced capabilities — particularly those involving cybersecurity, explained Eric Pearson, senior product manager and regional vice president with DevOps company AutoRABIT.
To help organizations monitor performance and mitigate risk in an expanding threat landscape, AutoRABIT today announced the launch of CodeScan Shield. Its new no-code analysis tool allows admins and developers to easily scan a Salesforce ecosystem for security threats and immediately informs them of potential errors before a major breach occurs.
“By expanding our DevSecOps tool set to monitor performance and mitigate risk, we can now help development teams with consistency, compliance, and data security,” said Pearson.
Advancing DevSecOps tools
Salesforce is the dominant leader in the customer relationship management (CRM) software market, with a nearly 24% market share in 2021. A recent report by the International Data Center (IDC) commissioned by Salesforce predicts that the company and its partners will create 9.3 million new jobs and $1.6 trillion in new business revenue worldwide by 2026.
DevSecOps is a process addressing development, security, and operations simultaneously through the full application lifecycle. In the wake of growing — and ever more sophisticated — cyberattacks, the overall DevSecOps market is booming — valued at an estimated $2.55 billion in 2020 and expected to reach $23.42 billion by 2028.
According to Emergen Research, growth is driven by rising needs for repeatable and adaptive processes and automated monitoring and testing. Custom code security with various testing approaches — Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST), for example — is also driving the adoption of DevSecOps tools.
“DevSecOps offers flexibility to repetitive and adaptive procedures,” the report states. “This ensures that security is maintained uniformly across the environment as the environment changes and adapts accordingly to meet newer requirements.”
Consistency, compliance, data security
Static code analysis provides visibility into code health from the first line written through final deployment into production, explained Pearson. It is critical because it drives Salesforce development quality, speed, and security.
“Poor code quality slows feature velocity and creates additional risks for compliance and security,” he said.
Not to mention, the difference in cost between fixing errors in production and fixing them in early development is millions of dollars. He pointed out that the average cost of a data breach is $4.35 million — an increase of nearly 13% since 2020. In addition, 23% of data breaches are caused by human error.
Having confidence in processes is critical to remaining secure and compliant amidst growing security threats, said Pearson. Stability of coding structures in updates and applications — along with strict adherence to internal rules and standards — requires consistency.
CodeScan Shield is the next iteration of the AutoRABIT code analysis tool used by thousands of Salesforce developers. It expands metadata rules and also introduces the OrgScan module.
This new module enables pro-code developers, point-and-click developers and Salesforce admins to incorporate security scanning into their workflows. They can scan Salesforce profiles, permission sets, user and session settings, flows and other metadata components to check for 100% adherence to native and custom Salesforce policies, supporting regulatory compliance standards, said Pearson. After a scan completes, an interactive dashboard shows results and identifies areas of concern.
Combining code scanning and policy management
With the introduction of CodeScan Shield, AutoRABIT says it is the only company providing an all-in-one code scan and policy management product.
Without such tools, “… admins are responsible for field-level security and developers are responsible for code quality and security; we’ve learned from our customers that when everybody owns something, nobody does,” said Pearson.
Scanning the entire Salesforce organization, not just the code, provides “… holistic security and governance layer that gives tech leaders the guide rails they need to ensure their employees are working within the defined security parameters set by the organization,” said Pearson.
AutoRABIT will demonstrate CodeScan Shield at Dreamforce 2022 next week.