Editor's note

Crafting an effective corporate application security strategy is getting tricky.

That is because, among other things, applications don’t just sit on employee desktops within company walls anymore. Apps now are also riding around on all sorts of mobile, employee-owned devices and in the cloud. What that means is that sensitive corporate data, too, has escaped the bounds of the enterprise.

To set a strategy and create an application security policy means taking all these facts, plus the increased sophistication of hackers, into consideration. This guide aims to outline the various aspects of the issues that must now guide your application security strategy making.

1Best practices for any appsec program

After the basics are in place, next comes the tough stuff that’s required to make sure the applications in use in the enterprise are as secure as they can be. These stories look at specific appsec best practices, in categories like messaging apps, but also consider some of the myths that have developed around the issue of app security best practices.

2Applying an application security strategy to cloud

Mobile is everywhere, when it comes to apps, and so is cloud. In fact, some would argue that cloud-based applications present one of the biggest challenges for infosec pros today. In this section of our guide, we look at application security policy issues raised by the spread of cloud -- private, public and hybrid -- and touch on ways to secure enterprise data and systems that can now be accessed by devices outside the traditional enterprise security perimeter.

3Mobile and more: Topics in application security

This segment of our guide is packed with actionable advice on several topics, including the vital security concerns that mobile applications raise. Learn more now about how to approach mobile application security and related policy. Be sure not to miss the collection of expert podcasts that rounds out this segment.