GitLab announced the general availability of GitLab Duo Chat.
Enterprises Sacrifice Cybersecurity for Speed
Major SecOps Reality Gap: 85% of Companies Say Practicing SecOps is a Goal While 35% Actually Do
March 15, 2018
More than half of companies (52%) admit to cutting back on security measures to meet a business deadline or objective, according to a SecOps research report released by Threat Stack.
As further evidence that companies are sacrificing security for speed, Threat Stack found that 68% of companies say their CEO demands that DevOps and security teams not do anything that slows the business down. But that pressure doesn’t just come from the corner office, as 62% of companies also admit that their operations team pushes back when asked to deploy security technology.
“Businesses have grappled with the ‘Speed or Security’ problem for years, but the emergence of SecOps practices really means that companies can achieve both,” said Brian M. Ahern, Threat Stack Chairman and CEO. “The survey findings show that the vast majority of companies are bought-in, but unfortunately, a major gap exists between the intent of practicing SecOps and the reality of their fast-growing businesses. It’s important that stakeholders across every enterprise prioritize the alignment of DevOps and security.”
The SecOps Reality Gap
The purpose and intent of SecOps is to build towards distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the required controls. Survey respondents demonstrated a clear understanding of the importance of SecOps to the overall success of their business, with 85% saying that SecOps is a goal for their organization.
Despite clear intent to implement SecOps, only 35% of respondents say SecOps is completely or mostly an established practice at their organizations, while only 18% say it’s not established at all. These numbers dwindle according to specific job roles: 25% of security professionals believe that SecOps is an established practice at their companies, while only 10% of DevOps professionals agreed.
DevOps and Security Teams Operating in Silos
To help understand the obstacles to implementing SecOps, Threat Stack’s research found that challenges are primarily centered on organizational alignment as DevOps and security teams are not routinely integrated.
■ 44% of developers are not trained in secure coding, and 42% of operations staff are not trained in basic security practices.
■ Only 40% of respondents agree that DevOps are always incorporated into security processes.
■ A security specialist is a part of only 27% of Ops teams and 18% of Dev teams.
■ When respondents were asked whether they have the ability to fix a security-related issue themselves, 44% of DevOps respondents said they rely on someone else vs. 35% of security respondents.
■ 41% of DevOps professionals rated their organizations’ ability to detect and remediate security incidents as “average” vs. 35% of security professionals.
The Cloud Security Consequences
The speed of today’s business is driving companies to capitalize on the business benefits of cloud infrastructure and automation in order to compete. Threat Stack’s survey showed that the lack of SecOps adoption impacts the security of this infrastructure, given that more than half of the participating professionals rated the security of their organizations’ cloud infrastructure and environment as average or worse.
Industry News
April 18, 2024
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
April 18, 2024
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
April 18, 2024
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
April 17, 2024
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
April 17, 2024
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
April 17, 2024
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
April 16, 2024
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
April 16, 2024
Pegasystems announced the general availability of Pega Infinity ’24.1™.
April 16, 2024
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
April 15, 2024
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
April 15, 2024
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
April 11, 2024
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
April 11, 2024
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
April 11, 2024
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.
