INFRA
INFRA
INFRA
Report finds most enterprises fail to implement security across DevOps process
Most organizations want to implement security into the entire DevOps process, but they’re struggling to do so.
That’s the biggest takeaway from a new report out today from security firm Checkmarx Ltd. “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle” was undertaken in conjunction with FreeForm Dynamics and The Register based on the input of 183 respondents worldwide in a variety of information technology roles.
The report found that a full 92 percent said that they were failing to implement security across their entire DevOps stack despite a desire to do so.
Education was cited as an ongoing issue, with 96 percent of respondents saying that they believed it was “desirable” or “highly desirable” for developers to be properly trained on how to produce secure code. A majority of respondents said they believe it’s more important to educate developers and empower them than it is to educate other stakeholders in the organization such as operations and security specialists.
Some 41 percent of respondents said that they agree that defining clear ownership and responsibility in relation to software security remains a big challenge, while only 11 percent said they’ve adequately addressed the need for developer education.
“Today, software is everywhere and the majority of respondents agree that it is integral to most business initiatives, yet there are still many gaps when it comes to securing that software,” Maty Siman, Checkmarx founder and chief technology, said in a statement. “Increased software complexity and the need to move at the speed of DevOps is creating a new type of risk in the form of software exposure, and as the results of this report attest, software security also needs to change.”
Other key findings included 57 percent of respondents agreeing with the statement that software security is now a boardroom issue. But 45 percent said they find it challenging to get senior management to approve funding for security training. Not least, 44 percent say executives don’t care about how quickly, frequently and safely developers deliver software, they just want them to do it.
Photo: mattmflickr/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
