Checkmarx announced its new AI Query Builders and AI Guided Remediation to help development and AppSec teams more accurately discover and remediate application vulnerabilities.
Enterprises Sacrifice Cybersecurity for Speed
Major SecOps Reality Gap: 85% of Companies Say Practicing SecOps is a Goal While 35% Actually Do
March 15, 2018
More than half of companies (52%) admit to cutting back on security measures to meet a business deadline or objective, according to a SecOps research report released by Threat Stack.
As further evidence that companies are sacrificing security for speed, Threat Stack found that 68% of companies say their CEO demands that DevOps and security teams not do anything that slows the business down. But that pressure doesn’t just come from the corner office, as 62% of companies also admit that their operations team pushes back when asked to deploy security technology.
“Businesses have grappled with the ‘Speed or Security’ problem for years, but the emergence of SecOps practices really means that companies can achieve both,” said Brian M. Ahern, Threat Stack Chairman and CEO. “The survey findings show that the vast majority of companies are bought-in, but unfortunately, a major gap exists between the intent of practicing SecOps and the reality of their fast-growing businesses. It’s important that stakeholders across every enterprise prioritize the alignment of DevOps and security.”
The SecOps Reality Gap
The purpose and intent of SecOps is to build towards distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required controls. Survey respondents demonstrated a clear understanding of the importance of SecOps to the overall success of their business, with 85% saying that SecOps is a goal for their organization.
Despite clear intent to implement SecOps, only 35% of respondents say SecOps is completely or mostly an established practice at their organizations, while only 18% say it’s not established at all. These numbers dwindle according to specific job roles: 25% of security professionals believe that SecOps is an established practice at their companies, while only 10% of DevOps professionals agreed.
DevOps and Security Teams Operating in Silos
To help understand the obstacles to implementing SecOps, Threat Stack’s research found that challenges are primarily centered on organizational alignment as DevOps and security teams are not routinely integrated.
■ 44% of developers are not trained in secure coding, and 42% of operations staff are not trained in basic security practices.
■ Only 40% of respondents agree that DevOps are always incorporated into security processes.
■ A security specialist is a part of only 27% of Ops teams and 18% of Dev teams.
■ When respondents were asked whether they have the ability to fix a security-related issue themselves, 44% of DevOps respondents said they rely on someone else vs. 35% of security respondents.
■ 41% of DevOps professionals rated their organizations’ ability to detect and remediate security incidents as “average” vs. 35% of security professionals.
The Cloud Security Consequences
The speed of today’s business is driving companies to capitalize on the business benefits of cloud infrastructure and automation in order to compete. Threat Stack’s survey showed that the lack of SecOps adoption impacts the security of this infrastructure, given that more than half of the participating professionals rated the security of their organizations’ cloud infrastructure and environment as average or worse.
Industry News
June 05, 2023
Copado announced a technology partnership with nCino to provide financial institutions with proven tools for continuous integration, continuous delivery and automated testing of nCino features and functionality of the nCino cloud banking platform.
June 05, 2023
OpsMx announced extensions to OpsMx Intelligent Software Delivery (ISD) that make it a CI/CD solution designed for secure software delivery and deployment.
June 01, 2023
Couchbase announced a broad range of enhancements to its Database-as-a-Service Couchbase Capella™.
June 01, 2023
Remote.It release of Docker Network Jumpbox to enable zero trust container access for Remote.It users.
June 01, 2023
Platformatic launched a suite of new enterprise-grade products that can be self-hosted on-prem, in a private cloud, or on Platformatic’s managed cloud service:
May 31, 2023
Parasoft announced the release of C/C++test 2023.1 with complete support of MISRA C 2023 and MISRA C 2012 with Amendment 4.
May 31, 2023
Rezilion announced the release of its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components.
May 31, 2023
Zesty has partnered with skyPurple Cloud, the public cloud operations specialists for enterprises.
With Zesty, skyPurple Cloud's customers have already reduced their average monthly EC2 Linux On-Demand costs by 44% on AWS.
May 30, 2023
Red Hat announced Red Hat Trusted Software Supply Chain, a solution that enhances resilience to software supply chain vulnerabilities.
May 30, 2023
Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security.
May 25, 2023
Red Hat announced new capabilities for Red Hat OpenShift AI.
May 25, 2023
Pipedrive announced the launch of Developer Hub, a centralized online app development platform for technology partners and developers.
May 25, 2023
Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers.
May 24, 2023
Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds.
