Lack of Visibility and Fragmented Tools Drive Security Risks in Cloud Applications
August 14, 2023

Amit Shah

The prevalence of team silos and point solutions throughout the DevSecOps lifecycle make it increasingly difficult for development, security, and operational teams to have comprehensive visibility into the threats affecting their cloud environments. In fact, according to a recent Dynatrace study, 77% of chief information security officers (CISOs) say it's a significant challenge to prioritize vulnerabilities because of a lack of information about the risks they pose. This issue underscores the critical role that risk assessment plays in effective vulnerability management.

As organizations modernize their application stacks around cloud-native technologies such as microservices and containers, a best practice is to adopt both shift-left and shift-right strategies. Shifting security left means identifying security vulnerabilities in development through testing, while shifting right means identifying vulnerabilities in production through runtime vulnerability analysis and other methods.

Combining these strategies helps to reduce the time it takes to find vulnerabilities from days or weeks to minutes and enables teams to be more effective in their resolution strategies. By using shift-left and -right strategies, organizations can enhance their overall cybersecurity posture and effectively address vulnerabilities throughout the software development lifecycle.

While the advantages of these practices and DevSecOps are widely recognized, many organizations are still in the initial phases of implementation.

Overcoming the Challenges of Siloed Tools

Siloed vulnerability management tools make it difficult for companies to identify and mitigate risks. Switching between and reconciling the insights from siloed tools also proves to be extremely time-consuming, as it hinders IT teams from gaining a holistic view. According to the Dynatrace study, more than 40% of CISOs say analysis is time-consuming, and managing alerts from different tools is labor-intensive.

Time spent on manual analysis detracts from time spent on innovation and problem resolution. According to the study, each member of development and application security teams spends nearly a third (28%) of their time — or 11 hours each week — on vulnerability management tasks that could be automated. Further, only 33% of CISOs have automated handoffs across functions.

The integration and automation of workflows streamline cross-functional collaboration, enabling faster response times and smoother coordination across teams. Organizations must look to adopt a platform approach to eliminate manual processes and error. In fact, 88% of CISOs say DevSecOps would be more effective if all teams worked from one platform integrated into their process.

Implementing an Approach That Converges Observability and Security

By leveraging observability and security across DevSecOps and integrating application security principles and practices into software development and operations, organizations can deliver software and services at speed without compromising application security. IT leaders need to adopt platform solutions that converge observability and security data and are powered by trusted AI and intelligent automation. Solutions that converge observability and security improve an organization's overall security posture and reduce the risk of cyberattacks, helping companies protect their reputation, minimize manual intervention, and deliver precise answers through explainable, intelligent automation.

Looking Ahead with DevSecOps: The Importance of AI and Automation

According to the study, 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. By adopting AI and automation and using tools that converge observability and security, customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95%, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.

Amit Shah is Director of Product Marketing at Dynatrace
Share this

Industry News

September 21, 2023

Red Hat and Oracle announced the expansion of their alliance to offer customers a greater choice in deploying applications on Oracle Cloud Infrastructure (OCI). As part of the expanded collaboration, Red Hat OpenShift, the industry’s leading hybrid cloud application platform powered by Kubernetes for architecting, building, and deploying cloud-native applications, will be supported and certified to run on OCI.

September 21, 2023

Harness announced the availability of Gitness™, a freely available, fully open source Git platform that brings a new era of collaboration, speed, security, and intelligence to software development.

September 20, 2023

Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).

September 20, 2023

Sonar announced zero-configuration, automatic analysis for programming languages C and C++ within SonarCloud.

September 20, 2023

DataStax announced a new JSON API for Astra DB – the database-as-a-service built on the open source Apache Cassandra® – delivering on one of the most highly requested user features, and providing a seamless experience for Javascript developers building AI applications.

September 19, 2023

Oracle announced the availability of Java 21.

September 19, 2023

Mirantis launched Lens AppIQ, available directly in Lens Desktop and as (Software as a Service) SaaS.

September 19, 2023

Buildkite announced the company has entered into a definitive agreement to acquire Packagecloud, a cloud-based software package management platform, in an all stock deal.

September 19, 2023

CrowdStrike has agreed to acquire Bionic, a provider of Application Security Posture Management (ASPM).

September 18, 2023

Perforce Software announces BlazeMeter's Test Data Pro, the latest addition to its continuous testing platform.

September 18, 2023

CloudBees announced a new cloud native DevSecOps platform that places platform engineers and developer experience front and center.

September 18, 2023

Akuity announced a new open source tool, Kargo, to implement change promotions across many application life cycle stages using GitOps principles.

September 14, 2023

CloudBees announced significant performance and scalability breakthroughs for Jenkins® with new updates to its CloudBees Continuous Integration (CI) software.