Security has been a long-standing topic and issue. As long as technology evolves, there will be a need to secure all aspects of it. Since the beginning of time, humans have used the technology of the day to acquire valuable items that we do not already possess, to make tasks easier, and to safeguard the things that hold high importance to us. Our technologies and systems have grown bigger and complex over time, and these complexity have increased the number of vulnerabilities and attack-points. There are now numerous ways to attack, seize the things we value, and cause harm.

Now that the applications we build have become more complex, richer in features, openly accessible to anyone and available round-the-clock, the number of potential vulnerabilities has also increased relatively. Our apps' complexity increases the number of ways that potential attackers can take advantage of our system and raises the risk. The more we scale our application development processes, the harder it may be to maintain our security.

In a way, security is not very balanced. Defenders have to protect all attacks across a wide range of potential vulnerabilities for the entire life of the technology and that could be a very long time. New applications and systems are added all the time and existing ones are blending and next, you would want to incorporate with a third party that you might have not done business with before which makes the process a broader one.

On the other side, attackers are spurred, they don’t have to find all the vulnerabilities in a system, they just need to find one or a few. Without being limited to laws and policies, their mode of operations are more flexible. They can be singular in focus since they are not trying to manage performance appraisals together with managing an organisation’s network and general security and once they can successfully exploit one vulnerability, their job is done.

If we at the defensive side can comprehend this imbalance in security, the difficulties that lie ahead of us, and how we can overcome them, we can see there is a great need for practices like automation, simplification, prioritisation and ruggedness in our security approaches.